<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style data-premailer="ignore" type="text/css">
a { color: #1068bf; }
</style>
<style>img {
max-width: 100%; height: auto;
}
body {
font-size: .875rem;
}
body {
-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;
}
body {
font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;
}
</style>
</head>
<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>
<div class="content">
<h3 style="margin-top: 20px; margin-bottom: 10px;">
Timo Aaltonen pushed to branch master at <a href="https://salsa.debian.org/sssd-team/sssd">Debian SSSD packaging / sssd</a>
</h3>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
Commits:
</h4>
<ul>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0e8e6946b77c78c61e0d63c37ee2bb8ae2c9f1ce">0e8e6946</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2024-10-15T11:58:35+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Update version in version.m4 to track the next release
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/247797b2ac557f981581cf66b57ea029d8230c4e">247797b2</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-10-15T15:19:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: sss_ssh_knownhosts with port number
Add tests cases with port numbers
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/163b1e3166997e470c539b058628e59a04386db0">163b1e31</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-10-15T15:19:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Mark builtwith for knownhosts tests
Mark builtwith for sss_ssh_knownhosts tests.
Update the marker of test to high to have basic
coverage in gating.
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/934ae04e1387043fc0ac673ec6cf853724e15394">934ae04e</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-10-15T15:21:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: rm intg/test_sss_cache.py
* this test is indirectly tested by several tests
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7184541976608d357a5da48d09a7fa08862477d8">71845419</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-10-15T15:24:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap: add 'exop_force' value for ldap_pwmodify_mode
In case the LDAP server allows to run the extended operation to change a
password even if an authenticated bind fails due to missing grace logins
the new option 'exop_force' can be used to run the extended operation to
change the password anyways.
:config: Added `exop_force` value for configuration option
`ldap_pwmodify_mode`. This can be used to force a password change even
if no grace logins are left. Depending on the configuration of the
LDAP server it might be expected that the password change will fail.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/deefe9ad82e8e0057aa77ea5be60a86d223900da">deefe9ad</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-10-15T15:24:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add 'expo_force' tests
The new value for the ldap_pwmodify_mode option 'exop_force' is added to
existing test. A new test to illustrate the different behavior of 'exop'
and 'exop_force' is added.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/94e47c5ce9b06b0ce8e527607c3e1e221e823841">94e47c5c</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-10-15T15:29:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Passkey test cases with diffferent auth_methods
Added following test cases
1. Check authentication of user with IPA server when
no pin set for the Passkey.
2. Check authentication of user with updated prompting
options
3. Check password authentication of user with IPA server
when sssd fall back to password authentication
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4a7ab02d893a0e98b72bf711db126abfb4324ee9">4a7ab02d</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-10-17T11:16:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add missing returncode to test_0004_bz1638295
Reviewed-by: Anuj Borah <aborah@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cbe3b03472a678b9a8470b3e3a0e08655808e06d">cbe3b034</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-17T17:35:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>When using SPDX expression the booleans must be in all caps.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b928dbe1fcb6cf4b7acbd97d3df9514d5c554953">b928dbe1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-17T17:40:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Get rid of on-house MIN/MAX definitions
This matches approach already taken in sss_client/idmap/sss_nss_ex.c
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed666e9fa8d5be66700d69186c2edb350df5816f">ed666e9f</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-10-18T09:22:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Unify packages available on client for ipa suites
This is needed to detect sssd NVR for idmci.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a2e91d20fc876f7c976623ecd6f6fb282c2d406c">a2e91d20</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-21T18:40:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: remove superfluous WITH_IFP leftover
```
$ autoreconf && configure
...
./configure: line 18674: WITH_IFP: command not found
```
Fixes: 2.10.0-beta2-63-ge5140ab08
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/510130e844785b5ab7cb8415b1eb326d85360feb">510130e8</a></strong>
<div>
<span> by Scott Poore </span> <i> at 2024-10-21T18:41:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: sssd.conf update defaults for certmap maprule
The sssd.conf man page lists that the maprule RULE_NAME is used to match
a username. However, this is conditional when built with the files
provider. This change states that unconditionally in the maprule
defaults and states that it applies to both the files and proxy
providers.
Signed-off-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2b7915dd84a6b8c3ee26e45357283677fe22f2cb">2b7915dd</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-21T18:42:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd: always print path when config object is rejected
Observed:
```
Oct 16 09:44:04 a4 sssd[28717]: [sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
Oct 16 09:44:04 a4 sssd[28717]: Can't read config: 'File ownership and permissions check failed'
Oct 16 09:44:04 a4 sssd[28717]: Failed to read configuration: 'File ownership and permissions check failed'
```
Expected:
_Well yes, but **which one**_!?
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d004e7b4b977da3dd9f1d3de910c28c093a6fb26">d004e7b4</a></strong>
<div>
<span> by santeri3700 </span> <i> at 2024-10-21T18:44:30+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: honor ad_use_ldaps setting with ad_machine_pw_renewal
The value of ad_use_ldaps was not passed as `--use-ldaps`
argument to the adcli update command which handles
the automatic renewal of AD machine account password.
Resolves: https://github.com/SSSD/sssd/issues/7642
Signed-off-by: santeri3700 <santeri.pikarinen@gmail.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6b2219015f6b9ea547e7a2a4ff57d0c06a66f47d">6b221901</a></strong>
<div>
<span> by Yaakov Selkowitz </span> <i> at 2024-10-23T14:34:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: require systemtap-sdt-dtrace on ELN
ELN (the future RHEL 11) tracks rawhide and therefore also includes a systemtap with a separate dtrace subpackage.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a822206c7859b5f39af2b2ea1b117850a0589e3c">a822206c</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2024-10-23T14:35:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Missing 'dns_update_per_family' option
This update fixes missing 'dns_update_per_family' option in python code
and config files.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/42d1837a87cddfcbeb111cb7a0410e53e1b46cf7">42d1837a</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-23T14:36:02+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: unbreak detection for x400Address
Observed:
```
./configure CFLAGS="-O0 -D_FORTIFY_SOURCE=3"
…
checking whether OpenSSL's x400Address is ASN1_STRING... no
configure: WARNING: OpenSSL's x400Address is not of ASN1_STRING type
```
Expected:
```
checking whether OpenSSL's x400Address is ASN1_STRING... yes
```
Relying on warnings alone is terrible; rewrite the C code to provoke compile
error in all cases. [N.B.: I just noticed that the use of the subtraction
operator is conveniently portable, and one need not use typeof(), which is
merely a language extension prior to C23.]
Fixes: 2.8.0-164-gced32c44e
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b84ced06c14cd1226f830c6de28ef552f9118385">b84ced06</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-23T14:37:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: add 'debug_backtrace_enable' getter
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2300abbaa148293189ef037e13db37e3d40b3123">2300abba</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-23T14:37:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: simplify / comment a bit better
`prepare_child_argv()`
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/88b55de2805bea63ed384800ff2681374b6d06b7">88b55de2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-10-23T14:37:08+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: propagate debug_backtrace_enabled to child processes
Resolves: https://github.com/SSSD/sssd/issues/7510
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8cdebfcfea58a0a4cb6d1a62b05ce843cde832a2">8cdebfcf</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-10-25T10:57:22+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: stop overriding CFLAGS
CFLAGS is reserved for the user. configure must finish in an
idempotent state and not touch it, pursuant to automake.info §3.6
"Variables reserved for the user".
Observed:
```
$ ./configure && make CFLAGS=-O1
…
libtool: compile: gcc -DHAVE_CONFIG_H -I. -Wall -I..
-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
-DSSSDDATADIR=\"/usr/local/share/sssd\"
-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
-DLOCALEDIR=\"/usr/local/share/locale\"
-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
-Wwrite-strings -Wundef -Werror-implicit-function-declaration
-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
-O1 -MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c src/db/sysdb_ops.c -fPIC
-DPIC -o src/db/.libs/libsss_util_la-sysdb_ops.o
```
Expected:
```
libtool: compile: gcc -DHAVE_CONFIG_H -I. -Wall -I..
-I./src/sss_client -I./src -I. -I/usr/include/samba-4.0
-I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include
-I/usr/include/libnl3 -DLIBDIR=\"/usr/local/lib\"
-DVARDIR=\"/usr/local/var\" -DRUNDIR=\"/usr/local/var/run\"
-DSSS_STATEDIR=\"/usr/local/var/lib/sss\"
-DSYSCONFDIR=\"/usr/local/etc\" -DSHLIBEXT=\"\"
-DSSSDDATADIR=\"/usr/local/share/sssd\"
-DSSSD_LIBEXEC_PATH=\"/usr/local/libexec/sssd\"
-DSSSD_CONF_DIR=\"/usr/local/etc/sssd\"
-DSSS_NSS_MCACHE_DIR=\"/usr/local/var/lib/sss/mc\"
-DSSS_NSS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/nss\"
-DSSS_PAM_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pam\"
-DSSS_PAC_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/pac\"
-DSSS_SUDO_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/sudo\"
-DSSS_AUTOFS_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/autofs\"
-DSSS_SSH_SOCKET_NAME=\"/usr/local/var/lib/sss/pipes/ssh\"
-DLOCALEDIR=\"/usr/local/share/locale\"
-DBASE_FILE_STEM=\"libsss_util_la-sysdb_ops\" -Wall -Wshadow
-Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
-Wwrite-strings -Wundef -Werror-implicit-function-declaration
-Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99
-O1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
-MT src/db/libsss_util_la-sysdb_ops.lo -MD -MP -MF
src/db/.deps/libsss_util_la-sysdb_ops.Tpo -c
```
Fixes: sssd-1_3_0-3-g551aa6c36
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/30a980384a59c2ddc8fc256502bb02b64775873c">30a98038</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: remove unused helpers
Btw, `sss_ini_get_mtime()` could access uninitialized 'self->cstat'
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1d19b8ad9415e0a12ed3aaf039d4d0956ef4dbad">1d19b8ad</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: stop using 'libini_config' for access check
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8472777ec472607ea450ddb4c4666017bd0de704">8472777e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: relax config files checks
Only make sure:
- user is root or sssd
- group is root or sssd
- other can't access it
Don't make any assumptions wrt user/group read/write-ability.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/518db322fdd5a4de41813fbe5bc35fc20392ce67">518db322</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Configuration: make sure /etc/sssd and everything
beneath is owned by 'sssd' group and readable by group.
This should allow for reasonable rw-r----- root:sssd
At some points those chown/chmod can be removed.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d7c977092c7a0df60ec627da50c207b07b333228">d7c97709</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: don't report used snippets in `sss_ini_add_snippets()`
This ends up in system journal because logger isn't initialized
yet at this point.
Snippets still can be verified via 'sssctl config-check'
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4cc62d457fd38a34bdfc986a620020c98e549cae">4cc62d45</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSCTL: change error message to be more accurate
To avoid misleading reports like in this case:
```
# sssctl config-check --debug 9
[sssd] [access_check_file] (0x0020): Unexpected user owner of '/etc/sssd/conf.d/pam.conf': 65534
Failed to read '/etc/sssd/sssd.conf': File ownership and permissions check failed
```
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60d369c00528fd0cea257f7720d3d8da252116ce">60d369c0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T17:40:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INI: add verbose error messages
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/93eb0736ecffb77a077a2e9d0879e67d34173c15">93eb0736</a></strong>
<div>
<span> by Jan Engelhardt </span> <i> at 2024-11-01T17:40:59+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>build: fix spellos in configure.ac
"safe" is the antonym to "unsafe", but it's not like CFLAGS is unsafe.
You really want "saved" here.
Fixes: sssd-1_13_1-169-g6b01dae73
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2d0f0480a18aacd35a51b1854736d984d378d84e">2d0f0480</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-01T20:29:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>chown() gpo cache recursively.
If there is something in @gpocachepath@ it will be a directory with the
domain name and in this directory will be the GPO directory hierarchy
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/76682050022cba204ec5450f274a6e10a3726943">76682050</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-11-07T11:06:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: sss_ssh_knownhosts must ignore DNS errors
When the DNS cannot resolve the provided hostname, sss_ssh_knownhosts
must not fail.
Instead it should try its best to find it. It will now try to find
the host account in IPA using both the fqdn and serverHostName
attributes (the later contains the shortname); and using the name and
nameAlias when looking for the host in the cache.
However, the IP address is not (and must not be) stored in the cache
or IPA entries, so this case will not work if the DNS fails to associate
a hostname to the provided IP address. In such a situtation, not key
will be retrieved and provided to `ssh`.
Resolves: https://github.com/SSSD/sssd/issues/7664
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3054970e441d4e3a8888922f7ccba30d985a9ce4">3054970e</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-07T11:08:59+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding gpo customer test scenario to use the ldap attribute name
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7a8da2762897005d854cb91eaf5024986c31f8e7">7a8da276</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-11-09T10:44:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Check sudo command threshold correctly
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2d85f89f9505abdb79f2054586a8854672a832e4">2d85f89f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-09T10:45:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: mistypes fixes
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2d408edd97342b30761775e84108d605e423f2d3">2d408edd</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-09T10:46:16+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam_sss: add some missing cleanup calls.
This patch should avoid Coverity warnings like:
./src/sss_client/pam_sss.c:3075:17: alloc_arg: "get_authtok_for_password_change" allocates memory that is stored into "pi.first_factor".
./src/sss_client/pam_sss.c:3090:25: leaked_storage: Variable "pi" going out of scope leaks the storage "pi.first_factor" points to.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8571d45b66622b152e1bf04517d573d125895d5a">8571d45b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-12T12:21:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>subdomains: check when going online
With this patch SSSD will run the sub-domains request, if any, when
switching from offline to online state. Currently only the AD and the
IPA provider provide a sub-domains request. Besides trying to discover
the sub-domains the request will also refresh other domain wide
configurations, e.g. certificate mapping rules in the IPA provider case.
Given that it might not be clear how long the client was offline,
refreshing this data when going online makes sense.
Resolves: https://github.com/SSSD/sssd/issues/7612
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/be0c232be01b5fe2ffcaecae84980fb1b67ab916">be0c232b</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-12T12:23:47+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removing intg/ts_cache.py
the following test cases are now covered in system/test_cache.py and
this can be removed.
* fixed assertion writes_to_both_databases tests
* added test detecting modification and deletion for groups
** test is a common user story and functional, changed priority to
critical
* added "integration" test invalidating user, group, netgroup objects
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d5b648498a712db4287c0c1050a0bc415ff49948">d5b64849</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-12T12:23:47+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: converting all the ldb cache tests to use one provider
There is minimal benefit to run these tests against all providers.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/56438ec7804e55b5d4de00e69d01d397a9905e61">56438ec7</a></strong>
<div>
<span> by Ondrej Valousek </span> <i> at 2024-11-12T15:41:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix bug in objectclass_matched()
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/71430f77727fc2262f6c54a453aca587f9d76597">71430f77</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-14T17:31:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: require OpenSSL >= 1.0.1
This is required since a86ee649ac7cd80cfb3c1b50ae728fbf12d1b92a
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ffec45bdbbf9d0e37077a37cba20dcf45b6d7749">ffec45bd</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-14T17:31:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ssh: do not use default_domain_suffix
The default_domain_suffix is already handled in the generic cache
request code and the additional enforcement in the ssh responder might
cause issue if fully-qualified names are used as input.
With this change the ssh responder handles request data similar to the
nss responder e.g. in sss_nss_protocol_parse_name().
Resolves: https://github.com/SSSD/sssd/issues/7671
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fb91349cfeba653942b32141f890e3de78b3fb13">fb91349c</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-14T17:31:48+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>responders: deprecate default_domain_suffix option
:relnote: The option default_domain_suffix is deprecated. Consider using
the more flexible domain_resolution_order instead.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9ee10f98e0070774e0e7f0794bc296ef06a671e4">9ee10f98</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-11-18T14:45:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>OPTS: Add the option for DP_OPT_DYNDNS_REFRESH_OFFSET
The label `DP_OPT_DYNDNS_REFRESH_OFFSET` was introduced in
https://github.com/SSSD/sssd/blob/fb91349cfeba653942b32141f890e3de78b3fb13/src/providers/be_dyndns.h#L55
but the corresponding option is missing in
https://github.com/SSSD/sssd/blob/fb91349cfeba653942b32141f890e3de78b3fb13/src/providers/be_dyndns.c#L1200
This error was introduced by
https://github.com/SSSD/sssd/commit/35c35de42012481a6bd2690d12d5d11a4ae23ea5
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2c72834e657197012b3a32207ffe307e8ba5f9e2">2c72834e</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2024-11-18T14:45:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Also test default_dyndns_opts
Compare this structure to ipa_dyndns_opts, which is already compared
to ad_dyndns_opts.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b74fe65b65c02a1470b731b012ad5b4723ce03b3">b74fe65b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:13:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: untie capabilities of different binaries
as those do not have to be the same
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7ce14e7f73af9c531a1034fcb315b167f02e21e3">7ce14e7f</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:13:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: replace 'cap_dac_override' with 'cap_dac_read_search'
'cap_dac_read_search' is needed to read a keytab but 'cap_dac_override'
(that allows to bypass file write permission checks) shouldn't be required.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/942799d5e7d9f30ad8aa4bdf3cccac8e954a9d8e">942799d5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:13:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: don't require any capabilities besides 'cap_dac_read_search'
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5ef1efc52d6902ddfc1abe12a375655c2b8f90b2">5ef1efc5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:13:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP_CHILD: require only 'cap_dac_read_search=permitted'
and raise to 'effective' when needed.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/23d9c93b971c60b5535444e6782b5970f56ce24e">23d9c93b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-18T17:13:55+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Describe current capabilities usage.
Take a note that usage of cap_dac_override + chown to create cache path
components could be changed to use cap_dac_override + (granted anyway) setuid,
but not sure if it's worth the trouble.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/507d2daa86e15e8252e248ef522b6bcae958193c">507d2daa</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-19T11:28:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: don't try to lookup `getservbyport(0, ...)`
'sssd_nss' won't handle this request anyway.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1f8040de29a4d7c73521134a9faeca4e6767178b">1f8040de</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-19T11:29:51+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSSDConfig: chown file to root:sssd
This is an addition to https://github.com/SSSD/sssd/pull/7667
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9c4a51fa1031b49a4d45c69a46719d2a398924ff">9c4a51fa</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-11-19T11:32:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Test transformation of bash-ldap-id-ldap-auth netgroup
Test transformation of bash-ldap-id-ldap-auth netgroup
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3294cdb09876e9279e78ab95b5a96a41a9821e1f">3294cdb0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-19T16:31:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: COPR: add c10s buildroot
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/21c6280556f4c8e035d1e78e6a51e1068d3ec92c">21c62805</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-11-19T18:28:49+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>'dtrace' was moved to a separate package on C10S as well
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a926f43ac17e46dd37b3ecc545f09c903651b327">a926f43a</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-11-21T16:27:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Reverse the condition and fail
Currently, the test will blindly fail if someone carelessly adds IPA to the topologies.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fce94aec3f335cbe33c509b14e389b9df0748744">fce94aec</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-22T12:19:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap_child: make sure invalid krb5 context is not used
Resolves: https://github.com/SSSD/sssd/issues/7715
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7514309bb361c8aea4f5ac8fef68f1a50f1a3fe1">7514309b</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-11-26T10:01:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Update sst to rhel-sst-idm-sssd for polarion.
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0bb13645168864ca9eb7097cad063e1bfa4834cf">0bb13645</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-11-26T20:54:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>analyzer: fix two crashes
OSError from 'sss_analyze error list'
PermissionError from 'sss_analyze request list' run without sudo
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e4b26042a5696c10ee0616a34c39f3539ca5ae34">e4b26042</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-11-27T10:37:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>dyndns: collect nsupdate debug output
It looks like in current code the assumption is that the nsupdate
command can just send its debug output into the backend log by
duplicating the file descriptor. This won't work since the logs file is
opened with O_CLOEXEC so that it is closed when nsupdate is started.
Additionally it is questionable if this approach is a good idea because
it would lead to a random intermixing of debug information. This patch
collects the output on strderr of nsupdate separately and adds it into
the backend log similar to the input send to nsupdate.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/58a2fee59914eea5130fd995315149f1b15fd5a8">58a2fee5</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-11-27T10:37:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding system/tests/readme.rst as a quick primer
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6040510803503d8da08c17d7177c0bed744b688c">60405108</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-12-02T12:26:20+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: SSSD fails to store users if any of the requested attribute is empty
SSSD fails to store users if any of the requested attribute is empty
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/098105486cd014717cbb055195b9f879dbce63ee">09810548</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2024-12-02T12:27:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add ssh to services for authentication with ssh tests.
This fixes mh critical tests that are failing.
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7b855ab92097ceef94baa4060b2691b09edb6a79">7b855ab9</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-12-03T18:45:10+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix python black formation error
Would reformat system/tests/test_ldap.py
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe26a930852b85b128ca8e3fbf9dfa72536969ea">fe26a930</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2024-12-04T12:03:50+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add DoT support for DNS updates
DNS-over-TLS is a new standard for encrypting DNS traffic.
SSSD does not implement the DoT itself but relies on other
components of the system. This modification allows as to set
a DoT for dynamic DNS updates
:config: the `dyndns_server` option is extended so it can
be in form of URI (dns+tls://1.2.3.4:853#servername).
New set of options `dyndns_dot_cacert`,
`dyndns_dot_cert` and `dyndns_dot_key` allows to configure
DNS-over-TLS communication.
:relnote: The DoT for dynamic DNS updates is supported now.
It requires new version of `nsupdate` from BIND 9.19+.
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1ef3cf525b5646329cf0b11ec14e20378f55c4c4">1ef3cf52</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: verbosity around ccname handling
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e17bc22f6c0ad74ba3ddb198db94acc96cc90a4">5e17bc22</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: don't pre-create parent dir(s) of wanted DIR:/FILE:
to match 'kinit' behavior and avoid the need for cap_chown and
cap_dac_override.
:relnote:SSSD doesn't create anymore missing path components of DIR:/FILE:
ccache types while acquiring user's TGT. The parent directory of requested
ccache directory must exist and the user trying to log in must have 'rwx'
access to this directory. This matches behavior of 'kinit'.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/541c42ba73b782e696979e90a925a03816c376e8">541c42ba</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: skip `switch_creds()` in PKINIT case
Since 'krb5_child' has lost set-id bit and is run under uid/gid of
the backend, it was a no-op.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/947f791d8e3e07413b77d1b3782608af1645ca2b">947f791d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: 'fast-ccache-uid/gid' args aren't used anymore
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19dd64322857fba3eea2dd3855a79ba4f663d849">19dd6432</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: don't require effective CAP_DAC_READ_SEARCH
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/89d61e66b8753935ca9b2b017575e93055350d5e">89d61e66</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: verbosity
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/65538771154c49fd2541f3d17dbccf85f986e4e8">65538771</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: drop cap_set*id as soon as possible
Set user uid/gid as real IDs as a first step in `privileged_krb5_setup()`
and drop cap_set*id afterwards.
Having real_ids == user_ids and set_ids == service_ids should be
enough to switch thru and back.
:relnote:`krb5-child-test` was removed. Corresponding tests under
'src/tests/system/' are aimed to provide a comprehensive test coverage
of 'krb5_child' functionality.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/19a871a9e9f426c8be0c6760a8653a057d05b5fb">19a871a9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: 'krb5_child' doesn't require effective capabilities
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/988e5fa846e928508cbcda3dee9f21943ad4949d">988e5fa8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>become_user() moved to src/monitor
Monitor is the only user of this function and only if built
with support of deprecated 'sssd.conf::user' option.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a406c1b2890b37ac640eef681519087bb2aa27b8">a406c1b2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-05T16:36:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: cosmetics
Remove non existent / private functions from a header.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/20d658bfbadb47b9393142a9eb607d99bfda92f4">20d658bf</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-06T13:28:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Deprecate and make support of 'ad_allow_remote_domain_local_groups'
sssd.conf option conditional
:config: 'ad_allow_remote_domain_local_groups' option is deprecated
and will be removed in future releases.
:packaging: Support of deprecated 'ad_allow_remote_domain_local_groups'
sssd.conf option isn't built by default. It can be enabled using
'--with-allow-remote-domain-local-groups' ./configure option.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/110c4aead0d6f1f147bd3dc741528ce2cba5bedc">110c4aea</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-06T15:24:43+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KRB5: mistype fix
Fixes:
```
*** CID 515655: Uninitialized variables (UNINIT)
/home/runner/work/sssd/sssd/src/providers/krb5/krb5_child.c: 2435 in
get_and_save_tgt()
2429 goto done;
2430 }
2431
2432 /* Make sure ccache is created and written as the user */
2433 kerr = switch_to_user();
2434 if (kerr != EOK) {
>>> CID 515655: Uninitialized variables (UNINIT)
>>> Using uninitialized value "ret" when calling "sss_debug_fn".
2435 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to switch to user
IDs: %d\n", ret);
2436 goto done;
2437 }
2438
2439 log_process_caps("Saving ccache");
2440
```
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8c86abd6d6fb1456bb743e031e27802cd7aea490">8c86abd6</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2024-12-10T09:40:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ldap: make sure realm is set
In general the canonical principal will be only set in the cache after a
successful authentication because in general it is not know what the
canonical principal might be.
For Active Directory it is known that the canonical principal is build
with the sAMAccountName attribute and the Kerberos realm which is used
in the patch "AD: Construct UPN from the sAMAccountName" (7a27e539). If
'id_provider = ldap' is used to access Active Directory the realm might
not be set in the internal domain data and as a result a wrong principal
might be created. This patch makes sure the realm is set before creating
the canonical principal.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ef535319cc90797464a99e99e7b9d86533b76db8">ef535319</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2024-12-10T09:40:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Add the test when we replace id_provider
With AD/Samba check the authentication of user
by replacing id_provider = ldap
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c357838d81f2d061f016a1797fc330d64ee6d1ae">c357838d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:51+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_semanage code is only used by 'selinux_child'
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/75f1b2bae590d0978e1d645b59ff7011f37d5651">75f1b2ba</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_selinux code is only used by 'ipa_selinux'
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f2769267dde9f8d00f478f886bb5e6980291a1f">5f276926</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: shared helper to print current process credentials
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/84baae4b4ad02d486b5b2344f9202fb264da75f4">84baae4b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T11:10:52+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SELINUX_CHILD: only cap_set*id is required
:packaging:*Important note for downstream maintainers.*
A set of capabilities required by privileged binaries
was further reduced to:
```
krb5_child cap_dac_read_search,cap_setgid,cap_setuid=p
ldap_child cap_dac_read_search=p
selinux_child cap_setgid,cap_setuid=p
sssd_pam cap_dac_read_search=p
```
Keep in mind that even with limited set of fine graned capabilities,
usual precautions still should be taken while packaging binaries with
file capabilities: it's very important to make sure that those are
executable only by root/sssd service user. For this reason upstream
spec file packages it as:
```
-rwxr-x---. 1 root sssd
```
Failing to do so (i.e. allowing non-privileged users to execute those
binaries) can impose systems installing the package to a security risk.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/548fdb317d4418b760041fe8ecbf4d7b03641ac9">548fdb31</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-10T14:07:04+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Ignore '--dumpable' argument in 'krb5_child' and 'ldap_child' to avoid leaking host keytab accidentially.
Take a note that this is rather a general precaution than a fix
of a real threat since normally those coredumps wouldn't be
accessible to non-privileged user anyway.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf99c163c1b76e8713454e74333858ead52a1823">bf99c163</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2024-12-11T10:49:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: lower missing passkey data debug level
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b060ed5070cf8c29a94868e430c63155f844f686">b060ed50</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-12-11T10:52:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: moved ad specific authentication test and created test_ad.py
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/132d2088ad4136ef08d758324496ee32cbe809e2">132d2088</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2024-12-11T10:52:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding override_homedir test
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5094a3d9900fa09642b7370b9f6dffeb4db95962">5094a3d9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-12T21:21:21+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: reduce log level if `sss_krb5_touch_config()` fails
This is a fix of fc5c1a1af5d868a34a687550af1e31a17576ad25 -
when `times` argument is 'NULL' return code in case of failing
DAC checks is 'EACCESS', not 'EPERM'
Reviewed-by: Alejandro López <allopez@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/af65c00b9ca518a7769c05a41d5fc8208a2d133c">af65c00b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-17T15:21:08+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: conf files are owned by 'root:sssd'
518db322fdd5a4de41813fbe5bc35fc20392ce67 updated service files
but missed spec-file.
This results in
```
$ rpm --verify sssd-common-0:2.10.1-1.el10.x86_64
.....U... /etc/sssd
.....U... /etc/sssd/conf.d
.....U... /etc/sssd/pki
```
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a20fa0ffd6cb61bc164f52403f396cce6de8b2ea">a20fa0ff</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2024-12-18T16:50:39+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD SERVICE: use "--no-dereference" for 'chown'
to avoid following accidential symbolic links in those dirs.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39f9ff852f95f15c76c53cbfc8958b300294a8e2">39f9ff85</a></strong>
<div>
<span> by Krzesimir Nowak </span> <i> at 2024-12-19T14:09:24+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Assume that callbacks are not broken in OpenLDAP when cross-compiling
If we do cross-compiling against a known broken version of OpenLDAP,
we can do `export ac_cv_member_struct_ldap_conncb_lc_arg=no` before
running configure. This is rather unlikely now, as the test was done
to detect a bug that was fixed 16 years ago.
This allows the project to be configured successfully when
cross-compiling, without disabling connection callbacks.
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b7d4a8065be2c457f2798358577d80e05e1a2720">b7d4a806</a></strong>
<div>
<span> by Evgeny Sinelnikov </span> <i> at 2024-12-19T14:10:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>cert util: add support build with OpenSSL older than 3.0
Don't include <openssl/core_names.h> header if OpenSSL older 3.0 is
used. Fix compile typos for build with OpenSSL 1.1.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/befc4b66e2bae16aa4b084548a96fe166f43e934">befc4b66</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2024-12-20T18:06:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix the permission of snippet file
Fix the permission of snippet file
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae6a0ff646c673cbb9e1c811e7742342fe09a9bb">ae6a0ff6</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2024-12-27T12:56:07+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: add feature presence automation
The test case can be further extended to cover other features by using
the parametrization that is already in place.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ffd5d0e103160efc63227befb2b2181d1cc3d726">ffd5d0e1</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-01-06T15:21:47+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: test_kcm.py fixing confusing error message
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4fbf96357beaaf93728b07c9fcf9f892b91cab02">4fbf9635</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-01-06T15:28:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: have analyzer request child parse child log
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/91d8199d108be00f3aa2914963d115c856a76e8e">91d8199d</a></strong>
<div>
<span> by fossdd </span> <i> at 2025-01-06T15:34:53+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix missing include sys/types.h
ino_t is provided by <sys/types.h>, see sys_types.h(0p). And therefore
build fails on musl libc and probably other libcs.
src/sss_client/nss_mc.h:56:5: error: unknown type name 'ino_t';
fixes commit 0344c41aca0d (SSS_CLIENT: check if mem-cache fd was hijacked)
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/10c753e1bc856325fcf08de9d76c1797009ca6ab">10c753e1</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-01-06T17:27:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5_child: ignore Smartcard identifiers with a ':'
libkrb5 expects the Smartcard identifiers like token name or label in a
single strings separated by ':'. If one of the identifiers contain a ':'
this breaks and since libkrb5 currently does not support escaping of ':'
SSSD will ignore the Smartcard during its pre-auth step to determine
the available authentication methods and will error out if this happens
during the actual authentication step.
Resolves: https://github.com/SSSD/sssd/issues/7746
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4b35ac30cb7e643bd4c7eb9d2492f667af59ee4a">4b35ac30</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-08T16:28:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: traverse 'sssdconfdir' symlink while chown-ing
to support use case where /etc/sssd is a symlink.
'-H' only allows following a command line argument itself,
everything else encountered due to '-R' isn't followed.
This is an update to a20fa0ffd6cb61bc164f52403f396cce6de8b2ea
Resolves: https://github.com/SSSD/sssd/issues/7781
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/561c51bd799246563018fb76dcfe42d64b5cb348">561c51bd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-08T16:28:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSTEMD: fix missing 'g+x' on /etc/sssd and subdirs
for rpm-ostree based systems
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6bd231cda3dec7daf4dce01b8c35613bd197fbd0">6bd231cd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-08T19:14:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LOGROTATE: fix path to pid file
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/067dbf614d8aa4d00bec3425740762ff65890b37">067dbf61</a></strong>
<div>
<span> by Iker Pedrosa </span> <i> at 2025-01-13T16:18:46+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: improve feature presence automation
`files-provider` stopped being shipped in Fedora 40 in sssd-2.9. Thus,
the detection matrix need to be updated to take this into account.
In addition, the assertion messages weren't clear enough, so I've
improved them to understand them at a first glance.
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c2d95a3b35524308c23c5ad880f29e0278df4049">c2d95a3b</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2025-01-13T16:20:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: sss_ssh_knownhost must succeed if the responder is stopped
sss_ssh_knownhosts requires that SSSD's 'ssh' service is launched to
work properly. But if it is not launched or it is anyhow stopped, the
tool MUST NOT fail and let the ssh client continue its job.
:fixes: If the ssh responder is not running, `sss_ssh_knownhosts` will
not fail (but it will not return the keys).
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e58cf803192c477857fe13b41e2fe2a3800cc9a1">e58cf803</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-01-13T16:21:07+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: Remove internal covscan workflow
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c6294f5ff32a917bb1286afcc23f92f4f8ebe010">c6294f5f</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-01-13T16:21:07+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: Add workflow for 'coverity' label in PRs
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/85784e7614da54aeaed2e8a757b5bd3c9523125d">85784e76</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-16T11:57:06+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: don't set PR_SET_DUMPABLE
to avoid leaking host keytab accidentially.
Take a note that this is rather a general precaution than a fix of a real threat
since normally those coredumps wouldn't be accessible to non-privileged user anyway.
This is an addition to https://github.com/SSSD/sssd/pull/7755
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7ff2e486e44fb28b19d3a6041f93cc6917c0fa75">7ff2e486</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-17T20:29:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SELINUX_CHILD: fail immediately if set-id fails
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/95160058cf0066a07809a674627a001f52469663">95160058</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-17T20:29:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SELINUX_CHILD: 'ret' argument of `prepare_response()` is always 0
both in current and pre- sssd-2.10.1 code. Let's make it explicit.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6e66cbb1f5534f0a471117c86e2d2792d01c46e5">6e66cbb1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-17T20:29:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SELINUX: get rid of response as it was redundant and
rely solely on exit code.
This also fixes a bug that exit code wasn't handled before.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6cb2de5de2236b0b4c77ae983c326ba145110f05">6cb2de5d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-20T14:51:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Clear env of privileged 'sssd_pam' as a security hardening measure.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/50892b6bc3c55b69c10cc51d64f6e5e9f6dd9d92">50892b6b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-20T14:51:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Don't clear 'sssd_pam' env when built for intg-tests
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2e6fdb65ff33a0bfe2b61b4b21862d6c60b4726c">2e6fdb65</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2025-01-20T15:12:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CACHE_REQ: always return the first result in service by port lookups
RFC6335 Section 5 allows more than one service associated with a
particular port.
In this case always return the first result returned by
sysdb_getservbyport().
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f911e386664bfbe199c5816782adc0f6ef5ab1eb">f911e386</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2025-01-20T15:12:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Use temporary memory context to allocate the results
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1c164945f9e1cb60631a2e21d08067074c5106e">b1c16494</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2025-01-20T15:12:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Allow multiple services associated to the same port
RFC6335 section 5 allow multiple services associated to the same
transport and port. This commit allows storing multiple service entries
in the cache for the same port and the lookup functions will return all
matching entries. The cache_req plugin will pick the first result.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/56ef896e85adfc1ee9641c78951f0f35449e61f4">56ef896e</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2025-01-20T15:12:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>INTG-TESTS: Add Tests for service by name and by port lookups
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e76849bab7502ea8a3971b3b82c89389e91d3dee">e76849ba</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2025-01-20T18:05:44+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: ldap search base does not fully limit the Netgroup search base
ldap search base does not fully limit the Netgroup search base
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2232139a2b9453f28824714c8b04b9e9f554df9">d2232139</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-01-22T13:29:11+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: Fix coverity label multiline conditional
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/afc643ddf6cd2cdcbd28e2952fdfa68c96c53c6b">afc643dd</a></strong>
<div>
<span> by Samuel Cabrero </span> <i> at 2025-01-23T16:21:15+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IFP: Restrict destination
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Domains"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Users"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Groups"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Cache"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Components"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
> 'allow' directives must always specify a 'send_destination'.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/51bf667302646cbf9d6868e2c92450204cfd9632">51bf6673</a></strong>
<div>
<span> by SATOH Fumiyasu </span> <i> at 2025-01-24T10:51:23+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: sssd.conf file is owned by 'root:sssd' and mode is 0640
Additional fix for commit af65c00b9ca518a7769c05a41d5fc8208a2d133c
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9c65b89fd963f1b8433190765e531d5670b18cb3">9c65b89f</a></strong>
<div>
<span> by Dominika Borges </span> <i> at 2025-01-24T10:55:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>doc: improve description of ldap_disable_range_retrieval
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8e8342a2b8b52768ac93438031117d35cad8f437">8e8342a2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-27T12:32:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>certmap: remove stray export declaration
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3ed676c11e06fd3eed2ec8109c7e10ffd3bc773">a3ed676c</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2025-01-27T12:34:05+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Test trasformation for netgroup with generic provider
Test trasformation for netgroup with generic provider
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9c0c9770170eb4f45e072e24c617293df507f458">9c0c9770</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-29T15:16:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Delete 'lib/sifp'.
:relnote:Previously deprecated `--with-libsifp` configure option and
'sss_simpleifp' library were removed.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e50d0fa4d7a8111ceba7609176044b087b0cb7a3">e50d0fa4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-01-29T15:16:37+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: remove C9S from platforms list.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/36b1d97b5fc3f5f552657832da7b2b0fc4bd043f">36b1d97b</a></strong>
<div>
<span> by Denis Karpelevich </span> <i> at 2025-01-31T14:10:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Parametrize sssctl tests 3.
- Combine various sssctl tests to the single parametrized tests.
test_sssctl__check_attribute_not_allowed_in_sssd merges tests:
test_sssctl__check_misplaced_option
test_sssctl__check_ldap_host_object_class_not_allowed_in_sssd
Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cf650328632ae25ad7c8947918988500081b7822">cf650328</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-04T12:00:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Get rid of 'local_negative_timeout' config option
since 'files provider' is being removed.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/827a9bffacc500fbfc71c6454285298dc99982a3">827a9bff</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-04T12:00:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Delete 'files provider'
:relnote:Previously deprecated `--with-files-provider` configure option
and thus support of 'id_provider = files' were removed.
For those who still were building SSSD with this feature: see
https://sssd.io/docs/files-provider-deprecation.html for replacement
details.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a71f9a6cb448c50e0a856b06636cca91458baca8">a71f9a6c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-04T12:00:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: verbosity
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/003c699b4b3df4cb95c7998c27fb22c637898639">003c699b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-04T12:00:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: fix issue reported by 'black'
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/196ad92ab88c52415f5bfd18897b0733b9960fb0">196ad92a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-04T12:00:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fixed a mistype
CONFDB_RESPONDER_CACHE_FIRST_DEFAILT -> CONFDB_RESPONDER_CACHE_FIRST_DEFAULT
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7f1b7c9689827df92e8b2166423d4e80688dbacb">7f1b7c96</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-07T11:26:38+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: fix memory leak
The copy of 'secret' argument - `secret_val.data` - was left hanging
on `sss_sec_ctx`, effectively resulting in a memory leak.
But this copy isn't actually required as this data isn't modified in
below operations.
Skipping alloc+memcpy+erase is also beneficial performance wise.
:fixes:'sssd_kcm' memory leak was fixed.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fdf0b500ac7286d6f194afc83068d35066f54278">fdf0b500</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2025-02-09T13:24:16+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Fix test_008_wildcardsearch for RHEL10
Communication between client and master is encripted we have to set "ldap_start_tls = Failse" to make the communication human readable
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2a40db33aebe0b4cdd0d7b9a48f0fd87a4758650">2a40db33</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-10T20:46:57+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: remove unreachable code
At 'immediately:' when condition (ret == EOK) is met,
'refresh_timeout' can't be 'true', so code can't be reached.
It was different before 827a9bffacc500fbfc71c6454285298dc99982a3
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e16c957f212f7f71ed9e34a7f0dfab5f4350d6d">5e16c957</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-11T14:54:04+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MONITOR: remove nscd conf check
:packaging:'--with-nscd-conf' ./configure option was removed.
:relnote:During startup SSSD won't check NSCD configuration to issue
a warning in a case of potential conflict.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/062e8ab6b013f309ff0a6eb76f561d454b2d15c6">062e8ab6</a></strong>
<div>
<span> by Denis Karpelevich </span> <i> at 2025-02-12T11:27:02+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Parametrize sssctl tests 2.
- Combine various sssctl tests to the single parametrized tests.
test_sssctl__check_invalid_semantic_in_section_name merges tests:
test_sssctl__check_missing_id_provider
test_sssctl__check_invalid_id_provider
test_sssctl__check_special_character_in_option_name
test_sssctl__check_special_character_in_domain_name
test_sssctl__check_invalid_sssd_section_name
test_sssctl__check_invalid_syntax_in_section_name merges tests:
test_sssctl__check_missing_equal_sign
test_sssctl__check_missing_closing_bracket
test_sssctl__check_missing_opening_bracket
Dropped tests:
test_sssctl__check_special_character_in_section_name
test_sssctl__check_forward_slash_missing_in_domain_section
test_sssctl__check_invalid_pam_section_name
test_sssctl__check_invalid_nss_section_name
Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9e72bc242b600158d7920b2b98644efa42fd1ffa">9e72bc24</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-12T15:19:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>KCM: another memory leak fixed
```
...
talloc_new: src/responder/kcm/kcmsrv_ccache.c:405 contains 0 bytes in 1 blocks (ref 0) 0x563feaabc0a0
talloc_new: src/responder/kcm/kcmsrv_ccache.c:405 contains 0 bytes in 1 blocks (ref 0) 0x563feaa84f90
talloc_new: src/responder/kcm/kcmsrv_ccache.c:405 contains 0 bytes in 1 blocks (ref 0) 0x563feaabf520
...
```
Reviewed-by: Alejandro López <allopez@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/164df110124c9c0917a9184529e5f170fde5f9a4">164df110</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-13T13:41:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>BUILD: introduce "--with-syslog=stderr" option
to be used in containers-like environments where
no system wide logger is available.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4ed56e58d0d3e087597459e87fff3b5cad669ac2">4ed56e58</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2025-02-13T15:37:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Rename test_misc.py to test_all_misc.py
Individual test suite `test_misc.py` is green but need to troubleshoot why getting failures once we run with alltests.
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/463bf25a151448ce5bc7ec8647621716b36c90e5">463bf25a</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-13T15:38:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: Have coverity workflow run against PR code
Checkout the head of the pull request code instead of the
target branch, this is needed when using `pull_request_target`
workflow.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/537e586ba71672ec5e8167283230bc5783d81770">537e586b</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-02-14T11:46:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>failover: Make failover work over IP families
Originally the option ipv4_first and ipv6_first was taken into account
when resolving IP address.
When both families are resolvable but the primary is blocked on
firewall, the SSSD should try the secondary family before giving up.
:relnote:SSSD now attempts to connect to the server using a secondary
protocol if the server is not reachable using the primary one.
See the lookup_family_order option.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/894971b64eb23d606b57af3841b64cf5bc51a2d8">894971b6</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-02-14T11:46:14+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Check failover to secondary IP family
Test that IPA server is still reachable when primary
address family is blocked but secondary is working.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c36c320d12e48178b041d9859e3035f0c65c4909">c36c320d</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-14T19:35:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: fix issue found by Coverity
```
1614 D(("Illegal task [%#x]", task));
9. out_of_scope: Variable buf goes out of scope.
CID 530049: (#1 of 1): Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable rd going out of scope leaks the storage rd.data points to.
1615 return PAM_SYSTEM_ERR;
1616 }
```
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e87cc2c2788a333b058a29bd9487b683220ad1c6">e87cc2c2</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: Store IPA trust type
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8879cf88f9415d280c3ee72cb94dc5b88307e000">8879cf88</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Rename struct ipa_ad_server_ctx, and add id_ctx union member
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/70daa00913b6589c36d598563cb6f1ec2551e7fa">70daa009</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Make ipa_service_init() like ad_failover_init()
Similar to AD server/service discovery initialization,
Allows callers to provide a service, and not just use "IPA"
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1b0c6203e090cdfdab452b13f8e395c8b56c889c">1b0c6203</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: Combine 1+2way trust options creation functions
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0862fcb83d28676dddd05cd83f91bc09ae013735">0862fcb8</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Make ipa server ad* functions generic
IPA subdomain functions often include ad in the name, these functions
will now handle IPA and AD subdomains, not only AD.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc7e28064510a39d84437ac5d544c43c5ef4e373">dc7e2806</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Add ipa subdomain provider initialization
:feature:SSSD IPA provider now supports IPA subdomains, not only
Active Directory. This IPA subdomain support will enable SSSD
support of IPA-IPA Trust feature, the full usable feature coming
in a later FreeIPA release. Trusted domain configuration options
are specified in the 'sssd-ipa' man page.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4378ea626461ffc13e212f408e215dbd093f0ca3">4378ea62</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Support ipa subdomain account info requests
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f085fe0d0d275a6970c631150652317168aba618">f085fe0d</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa s2n: Remove check for SYSDB_UPN
After b3d7a4f6d4e1d4fa1bd33b296cd4301973f1860c we no longer use
the 'upn' variable. During certain codepaths to ipa_s2n_save_objects()
SYSDB_UPN is expected to be missing, so no need to check for it.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4eb75cc3a97b321b8b20ba3d9b7e06f6dee4ee24">4eb75cc3</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Rename ipa_create_ad_1way_trust_ctx()
This gets executed when a one-way or two-way trust ipa
is added. Rename this to avoid confusion.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b63321cc26e2ca8ffb0fb8161984f65ae51a925d">b63321cc</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Handle missing SID for user private group
SSSD goes offline in IPA trusted user look due to the IPA user private group:
[ipa_get_ad_acct_ad_part_done] (0x0020): [RID#7] Cannot find a SID.
In IPA-IPA trust, user private groups do not contain a SID. Lookup the
equivalent user object of the same name in IPA and use this SID instead.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/de4cea5cb8cad4c1f3c71e18c10420678ea54a33">de4cea5c</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa s2n: Ignore trusted IPA user private group
Don't fail when processing the IPA user private group retrieved
from the IPA server in a trusted user lookup. It is expected
this object will have no SID.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/129b54962b1e6259c4cc564a125c2dcbbbf610e9">129b5496</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>AD: Remove unused AD_AT_TRUST_TYPE attribute
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3c87b81177672bbddf6b6a8b856cbe6e6759ded2">3c87b811</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-02-17T12:37:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: IPA subdomain changes to sssd-ipa
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e2408c24655a2510e44b0a6dfd11f466d58a5fa3">e2408c24</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-02-20T10:18:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: suppress stderr of usermod
Reviewed-by: Alejandro López <allopez@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8477aa0658f5af5133a694bba09e0a68fbedc649">8477aa06</a></strong>
<div>
<span> by Andrea Bolognani </span> <i> at 2025-02-27T14:21:31+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure: Require valgrind-devel when valgrind is enabled
Currently we include <valgrind/valgrind.h> unconditionally to
access the RUNNING_ON_VALGRIND macro, which allows us to skip
one of the tests which is known not to work correctly under
valgrind.
However, if only the runtime part of valgrind in installed on
the system and the devel part is missing, this will result in
a very late compilation error. Checking for the header's
presence at configure time allows us to provide better
diagnostics, earlier.
More importantly, this makes it possible to build sssd at all
on architectures where valgrind is not yet available, such as
riscv64.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f3fdb4293c530b2cfe45b602146f9e918775040e">f3fdb429</a></strong>
<div>
<span> by David Abdurachmanov </span> <i> at 2025-02-27T20:40:56+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Properly check valgrind arches
Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f65d0eaa40b9b0d5e93d3eb44b2cfa018c39ba6b">f65d0eaa</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-03T12:46:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: fixed misleading messages
`ipa_check_keytab()` doesn't check keytab content / principal.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/228072105cccf2ae0b92dcf7f17edb9f7ad4a9c9">22807210</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-03T12:46:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: cosmetics
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9b6d8fe722c36419e01ee92faa8c54719df00623">9b6d8fe7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-03T12:46:19+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: don't bother checking keytab ownership
Consumers (ldap_/krb5_child) use 'cap_dac_read_search' anyway.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/95caf1aae869b330d6ca94380a03fd620b9f0c99">95caf1aa</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-03-05T09:52:12+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Pattern support for dyndns_iface option
:config:Until now dyndns_iface option supported only "*" for all
interfaces or exact names. With this update it is possible to use
shell wildcard patterns (e. g. eth*, eth[01], ...).
Resolves: https://github.com/SSSD/sssd/issues/6910
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8bfc88e49d9ac9d448c5ecfa80c7629c04cc64d4">8bfc88e4</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-05T09:53:22+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Get rid of '--with-conf-service-user-support' ./configure option
:relnote:Support of previously deprecated 'sssd.conf::user' option
('--with-conf-service-user-support' ./configure option) was removed.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3392a857c76ccb75e487ec122121cb5e071bff49">3392a857</a></strong>
<div>
<span> by Georgij Krajnyukov </span> <i> at 2025-03-06T13:51:59+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>P11_CHILD: Invert if statement to reduce code nesting
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8311d3cc8a1d9188310788e7aedfd9be92c3209c">8311d3cc</a></strong>
<div>
<span> by Georgij Krajnyukov </span> <i> at 2025-03-06T13:51:59+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>P11_CHILD: Implement passing const args to get_pkcs11_uri
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1b3d5d829c0201aa03621ff80f077787557508b4">1b3d5d82</a></strong>
<div>
<span> by Georgij Krajnyukov </span> <i> at 2025-03-06T13:52:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>P11_CHILD: Extract slot processing into separate function
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/782a6dd54967e7c2dd3013f7e68134ee8751ab88">782a6dd5</a></strong>
<div>
<span> by Georgij Krajnyukov </span> <i> at 2025-03-06T13:52:00+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>P11_CHILD: Make p11_child iterate over all slots
Resolves: https://github.com/SSSD/sssd/issues/5905
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/281d9c3ed66ee28a9572433a629eb0d72525ca46">281d9c3e</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: don't add group members if 'ignore_group_members == true'
Resolves: https://github.com/SSSD/sssd/issues/7793
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5e882b3660b733aca698ebea6999273b5a59e49e">5e882b36</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Reorder checks in a more logical way.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/501663f2a54750d7a63fc0b48ac4f878060459fb">501663f2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Avoid DN->str->DN conversion for a most common code path (i.e. "no overrides")
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6e01e4127eb762fcfb06bc5cf9aefd53359e3825">6e01e412</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Don't bother with 'override_dn' in case (!expect_override_dn) at all.
It wasn't actually used in this case anyway, because condition
```
(ldb_dn_compare(res_members->msgs[c]->dn, override_dn) != 0)
```
naturally was false.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6c50506c4361d3f8672d1481c77a221212f23e39">6c50506c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: fix sysdb_add_group_member_overrides()
Skip only one member missing override, not all remaining.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a58aa915f7354e1b006978e8ed829b8cf2c860d2">a58aa915</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Don't trace DN of every member - `ldb_dn_get_linearized()`
is heavy and is calculated even if debug level isn't set.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/108800dc9a42355c32fa6031d1b2c0bd4b7dc8ec">108800dc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Move code that adds a missing domain name to override name to
a separate function to make `sysdb_add_group_member_overrides()`
easier to read.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6aae3572af88e1ade4965d02387a50747030a7a7">6aae3572</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Only search original name if it is really needed.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0a9ae2c2b23c003d3900048b20a7bc767784bf24">0a9ae2c2</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
No need to make a copy of override name.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f61b9bbb2d918f948f7bd60c8c541a9ead98bf37">f61b9bbb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: make `sysdb_get_user_members_recursively()` static
as it is only used in `sysdb_add_group_member_overrides()`
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed6956e92d9b034ad774f3c2c090d86b7d18769f">ed6956e9</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-06T18:12:13+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in get_user_members_recursively()
Don't read unneeded attributes.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/af5e0b7053964e698d31cf04720408dc6b7d4ba7">af5e0b70</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-11T15:10:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>capabilities: check if cap is supported
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9f5636f71126b3d2d560b2873429e29c88bdfcdb">9f5636f7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-11T15:10:26+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>capabilities: don't rely on hardcoded set of supported capabilities
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0f01184904a79f37cee294c69177fd18421efa97">0f011849</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-03-11T15:10:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: rm intg ssh_pubkey
* multihost/ipa/test_misc.py functionally covers this scenario
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/764798d7ac0c3cdd879a76047e065db6f21c9901">764798d7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-14T17:35:41+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: package 'enable_sssd_conf_dir' as a part of 'sssd-krb5-common'
This is needed by sssd-ad/sssd-ipa that do not pull 'sssd-krb5'
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/add0ed1750ef06bb920da43f1ff88bf343a0cccd">add0ed17</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-03-14T17:37:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>platform.m4: Teach to look for struct xucred in addition to struct ucred
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/843aa089a738d0ac609b0d61e6d182cd7db5c0a6">843aa089</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-03-14T17:37:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Extend util_creds.h with xucred case
Use it to fix build of sss_client/common.c on FreeBSD.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/38fe14abbed6276e6014e374ad20a3afa17e32c9">38fe14ab</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-03-14T17:37:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use LOCAL_PEERCRED option instead SO_PEERCRED where appropriate
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/150d2ee094d6d8e772b91ffacd56466aa0b64df6">150d2ee0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-14T17:37:32+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Move 'STRUCT_CRED' definition into standalone header
so that sss_client code doesn't pull selinux headers.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8edb14fade2f0a37c6454ddc05db72b3e8d0baa4">8edb14fa</a></strong>
<div>
<span> by fossdd </span> <i> at 2025-03-14T17:39:06+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MC: Use useconds_t instead of their reserved type
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8886a27b8ef80467b7a47cb558a70598b5e21092">8886a27b</a></strong>
<div>
<span> by fossdd </span> <i> at 2025-03-14T17:39:06+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>failover: Clarify message for local hosts file resolution failure
Remove usage of _PATH_HOSTS, which only exists in glibc
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/459cc6b15736a31741f302c7ef6a07b46f19b1c3">459cc6b1</a></strong>
<div>
<span> by fossdd </span> <i> at 2025-03-14T17:39:06+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: Define NETDB_INTERNAL if not already
NETDB_INTERNAL is a glibc quirk and doesnt exist in POSIX
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5c69acc93fec51a1978517384bf0a2fbfd11af79">5c69acc9</a></strong>
<div>
<span> by Ivan Korytov </span> <i> at 2025-03-21T13:12:18+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Update mock date to postpone timezone related failures
Because timezones can change throughout the years, mktime calculates timestamp according to a timezone valid at that date, but tzset uses current timezone and that can lead to an incorrect result.
Resolves: https://github.com/SSSD/sssd/issues/7209
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7b3255f75b912e24f72de9b34cb985c415180e5">a7b3255f</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-03-21T13:48:25+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: Set proper domain basedn for subdomain options
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/655cd72a77fcdf0f0231ab9c7f1e1441b6c8cbb7">655cd72a</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-03-24T12:40:36+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: clarify %o and %h homedir substitution
Describe in more deteil how %o and %h homedir
override should be used in IPA-AD trust.
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/39f37c9346bc9b31b655841686bdc9b6a9ea42e9">39f37c93</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Skip function if group->memberUid is empty.
In this case there are no user objects in the cache that would have
memberOf == group->dn anyway.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b80deaeb5994dbc61af5f6eeecd08262d9921a08">b80deaeb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Ensure that `get_user_members_recursively()` returns only POSIX users
via search filter. This avoids the need to populate and later check
SYSDB_UIDNUM attr.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9bc6dc57885f2ddb6b28ec6c7a46eb16381c4811">9bc6dc57</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: debug message fixed
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c7a979dc996fbdf8acac5b0cdebb193b0e49f520">c7a979dc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in sysdb_add_group_member_overrides()
Don't read unneeded attributes from override_dn.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6b46b7a7bf5f9025ffbb82b5bc59a83f1023b80f">6b46b7a7</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SYSDB: update in get_user_members_recursively()
Replaced `sysdb_search_entry()` with `sysdb_cache_search_entry()`
to avoid `sysdb_merge_msg_list_ts_attrs()` that isn't needed here
(timestamps aren't used anyway).
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ca76b7c8f6029ccbf8fc1737fe328cfbb2c5e4b2">ca76b7c8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DEBUG: a new helper that skips backtrace
if requested debug level isn't set. Meant to be used in hot (performance sensitive)
code paths only.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/47b25f068918560fae1ec9c59d48bbf0cc35da1d">47b25f06</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Avoid logging to the backtrace unconditionally in hot paths.
In case of reading a large group (comparable to entire cache) it accounts
for some non trivial CPU time (cca ~6..7%)
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/331908d182215c10780742f5beced095c4673620">331908d1</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: sss_parse_internal_fqname() optimization
'tmp_ctx' was removed as it wasn't really used anyway.
Code could be changed to make a real use of 'tmp_ctx': to avoid
touching '_dom_name' output arg if update of '_shortname' fails.
But this is quite unrealistic case and function is in a hot path,
so better to avoid unneeded memory manipulations.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6aa4b1e08975101d19676e2b34ab9773c4ce4004">6aa4b1e0</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: sss_parse_internal_fqname() optimization
Avoid unneeded strlen()'s
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/707825679790bc2b8f7cedfde674dd1650d22c46">70782567</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: sized_domain_name() optimization
Don't use sss_parse_internal_fqname() as domain name copy
isn't needed.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5cdfc54bdee32fe9d512dacac55a9c50dcab0d42">5cdfc54b</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: sized_output_name() optimization
Avoid alloc/free tmp_ctx. Not much benefits but a function
is in a hot path.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f101c1bb5e94677a2663a30b7fcb15d4edd5a9b5">f101c1bb</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: sss_output_name() optimization
Avoid unnecessary string copy.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0267cd976cc107d0b935e377d9bc3afee04ca8c7">0267cd97</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: delete sss_resp_create_fqname()
Function wasn't used since ed891c0c55985cd25de05f65e82debf4452987e1
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/83c0217c5df800719c8836fafa016ac4896027b5">83c0217c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: remake sss_*replace_space() to inplace version
There were no users of those functions that would need a new copy.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1641dfd5bc5caa3f6bf409cfa65a7ff396b03d4b">1641dfd5</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: delete sss_fqname()
Function is unused since 26c722d568b0061e0f1edb8d07093bf051d76083
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/804b22cfa9311eba71724f9e6a6442eb8e2a599b">804b22cf</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-03-24T12:44:30+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: sss_tc_fqname2() optimization
Scan format and alloc string once instead of talloc_strndup_append()
for every chunk.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4cb65932cbdefa424da459c9d4ed73561e3a9462">4cb65932</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-03-24T12:46:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>test: enumeration with # in the group name
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/158b4cdb7ac62fde1280f50a5d678f80d0e99015">158b4cdb</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-03-24T12:46:58+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Enumerate object with escaped characters in name
This patch fixes enumeration when DN in LDAP server
contains special characters.
The libldb expects that '\' is followed by two hex digits
in filter. Strings like '\#' must be sanitized into '\5c#'
before they are used for searching.
Resolves: https://github.com/SSSD/sssd/issues/7876
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fcc10871494ad57030e86d51b069f8550f4316b9">fcc10871</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-03-24T14:21:40+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Configure how SSSD should access RootDSE.
:config:New 'ldap_read_rootdse' option allows you to specify how
SSSD will read RootDSE from the LDAP server. Allowed values are
"anonymous", "authenticated" and "never"
Resolves: https://github.com/SSSD/sssd/issues/6665
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5cb26ed6ce0125af446ac2c1b2e54465eb50ee4c">5cb26ed6</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-03-24T16:22:54+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: include build description for covscan
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/36148c97cd06d335b985225da33526c50a808a4c">36148c97</a></strong>
<div>
<span> by André Boscatto </span> <i> at 2025-03-24T20:41:34+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: Updating sssd-simple(5) man page
After some tests and clarifying a few rules, there is an improvement in
the documentation to cover better the option and its impacts. Exploring
some rules together (allow and deny). Improving the example.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aebb4e130bc3c43b05ced639ece598a0528a382c">aebb4e13</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-03-26T10:18:29+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: extending sss_override testcase to assert overridden user group memberships
* moving importance from medium to high
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4ef4241cce438ee8c1b2e084920e2c3261900d01">4ef4241c</a></strong>
<div>
<span> by Alejandro López </span> <i> at 2025-03-26T11:20:27+01:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SSH: Remove sss_ssh_knownhostsproxy and keep the stub
The --with-ssh-known-host-proxy option is removed from ./configure.
The tool sss_ssh_knownhostproxy is removed along with all the code
specific to it and its man page.
The stub displaying an error message is kept, and is the only thing
that is now built.
The RPM's post-install script deletes any remaining
/var/lib/sss/pubconf/known_hosts file.
:relnote: The deprecated tool 'sss_ssh_knownhostsproxy' was finally
removed, together with the './configure' option
'--with-ssh-known-host-proxy' used to built it. It is now
replaced by a stub which displays an error message.
Instead of this tool, you must now use 'sss_ssh_knownhosts`.
Please check the sss_ssh_knownhosts(1) man page for detailed
information.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/261191137e209dc79d0ed9660f0a670646c6d803">26119113</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-04-01T11:21:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: Use pull_request_target for conditional
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed0af81a36130f823b07c408e8e7492b8b8663b1">ed0af81a</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-01T11:22:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure.ac: Check for the availability of the procctl() function
It is a FreeBSD analog for Linux' prctl()
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9bb4cf15bddff5107b33640593d45f6ee4042459">9bb4cf15</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-01T11:22:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Introduce util/sss_prctl module to abstract out process controlling API
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3d4d9c48dbc3edb764b666f627501e386d9bf8bf">3d4d9c48</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-01T11:22:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Make use of sss_prctl_* throughout the codebase
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cc48ad5bac50b51bf395147d4098b2a43708ca4b">cc48ad5b</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-01T11:22:07+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add a reference to FreeBSD procctl into sssd.conf(5) manpage
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a3ad066c0b7f1dd8ebabe86c22f3477fec589e00">a3ad066c</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-04-03T15:25:00+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>failover: fix fo_is_ip_address check
For checking IPv6 address we need sockaddr_in6 structure.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4deee59a30c4d619fcd0c08e32a8c0614e550a24">4deee59a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-04-07T11:46:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: relax Samba version req a bit
Samba version check is there to avoid cases when users upgrade
SSSD but do not upgrade samba-libs. Sometimes this can result in
difficult-to-debug issues when the gap is too wide.
On the other hand, too strict check often bites: when a buildroot
has a new Samba that isn't yet available otherwise, it becomes
impossible to install SSSD due to unsatisfied deps.
Requiring for %{version} part only looks like a reasonable compromise.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/08a3c410b626d5e7844cd2f01c1aff0d9586a742">08a3c410</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-04-09T16:25:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding generic password change tests
* user is forced to changed password at login
* user logins and issues a password change
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f8f7f843d48ff1561eb49faaceab405c3255babb">f8f7f843</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-04-09T16:25:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: removed overlapping test scenarios from authentication tests
* few scenarios have been removed
* ppolicy tests have been made into ppolicy tests only, since normal ldap is covered by the generic provider now
* renamed some of the test cases
* removed su from a password change test
* removed some test cases that are now covered by the new test cases
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/53b26af6f4e4395c5b70840ad198d6f14e0576ea">53b26af6</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2025-04-10T11:27:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Update mhc.yaml for relocated /data and /enrollment
For RHEL image mode we need to move these dirs from root as it
is read only to /var.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/536f7fcdce240d0dfe840eb0e0dd6d647e1085f2">536f7fcd</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2025-04-10T11:27:54+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Move /exports to /var/exports for autofs tests
We need to move the directory from read only root to make it
work in RHEL Image Mode.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dbe820049dc0b65d6bed7b0e9f8d1112360a3e0f">dbe82004</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-10T13:20:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix build on FreeBSD by including sys/socket.h
According to POSIX standard [1] it is sys/socket.h header that defines
AF_UNSPEC and SOCK_STREAM.
[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_socket.h.html
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dfceb68dd8350f53555e3715fb03f2d8bfe988eb">dfceb68d</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-10T13:20:49+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use cli_creds_get_*() helpers wherever possible
While there, fix typo in the definition of cli_creds_get_gid()
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/481fa1bf611a89c2b862c8faed077b511dd2a62e">481fa1bf</a></strong>
<div>
<span> by Madhuri Upadhye </span> <i> at 2025-04-10T19:53:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Test: Add IPA ID view override test cases
Added following test cases:
1. Verify an IPA ID view can override a user attribute on the client
2. Verify an IPA ID view can override a group attribute on the client
3. Verify members of a group and membership of user with override attributes
4. Verify that an ID view can append a user certificate
5. Verify ID view apply on server
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/923ec509b5969631aa602de7dddfdcd3e24be0a5">923ec509</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-04-11T17:38:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DB: skip sysdb_add_group_member_overrides() completely
if no view defined and this is not IPA domain.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60f384436b63be73121f58a474d41dfe8af0ab8b">60f38443</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-04-11T17:38:18+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>DB: don't provide 'expect_override_dn' to `sysdb_add_group_member_overrides()`
since it can be deduced from 'domain' argument.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ee1c2d1779507f20bc63beb66077ccbcb4635970">ee1c2d17</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-04-14T10:40:45+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: mark non string array properly
Fixes:
```
../src/util/crypto/libcrypto/crypto_sha512crypt.c:48:5: error: initializer-string
for array of 'char' truncates NUL terminator but destination lacks 'nonstring'
attribute (65 chars into 64 available) [-Werror=unterminated-string-initialization]
48 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4f9a7dcd5d5c472482b0de93da545984809fcdba">4f9a7dcd</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-14T16:57:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pam: Add option to allow changing auth token when running as root
:config: The pam_sss.so module gained a new option named "allow_chauthtok_by_root".
It allows changing realm password for an arbitrary user via PAM when invoked by root.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d61ba818d0fc0a07e80b9df05c2612203effe134">d61ba818</a></strong>
<div>
<span> by André Boscatto </span> <i> at 2025-04-15T11:20:39+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Add access control simple filter tests
Added 4 tests for access control simple filter using the new testing framework
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fd562676c2f861235778c84885e3588ff85b2122">fd562676</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-04-16T09:38:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: return ENOENT if `ipa_get_config` yields nothing
and handle this error code properly.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae59f29929ca58b903c17246100067a8e020c773">ae59f299</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-04-16T09:38:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>IPA: ipa_get_config_send() was updated
to require list of attrs explicitly.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/70ab0c0d0f2f4050b22bd8174aebb70c6227cdd6">70ab0c0d</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-22T15:05:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>man: add missing third option of ad_machine_account_password_renewal_opts
Resolves: https://github.com/SSSD/sssd/issues/4646
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/92697d4673f3663a00e087815ccc9534d7cf2c58">92697d46</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-22T15:05:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ad: use realm renew for keytab renewal
Currently SSSD is using adcli to refresh a keytab. Sine adcli is
directly started by an SSSD process this process must have the
permissions/capabilities to update the keytab file. With SSSD running as
unprivileged user the attempt to update the keytab might fail.
With this patch SSSD can use the realm command as well to update the
keytab which will send the request to the realmd daemon which has
permissions to update the keytab.
:config: New optional fourth value for AD provider configuration option
ad_machine_account_password_renewal_opts to select the command to
update the keytab, currently 'adcli' and 'realm' are allowed values
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4c183b1f3252eba290bedfa3a367ae8128e46aec">4c183b1f</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-22T15:05:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>utils: add non-blocking read from child processes
When calling 3rd party child processes we have no control about how the
child sends its output and if the child might trigger a call to SSSD. To
avoid a deadlock, SSSD backend waiting for I/O from the child and child
waiting for responds from SSSD, SSSD should use non-blocking calls when
reading from the child.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/44ecd452574a24c9af2c12ff7e4cd929d6b7a75b">44ecd452</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-22T15:05:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure.ac: add option for realm and adcli paths
To be able to change the paths for the adcli and realm helper utilities
for keytab renewal the options --with-adcli-path and --with-realm-path
are added
packaging: --with-adcli-path and --with-realm-path configure options are
added for platform where those tools are installed in dedicated paths.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/596bc5fb8e0760c26293304f404069c0e986f534">596bc5fb</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-23T10:33:13+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sdap: include sub-domain memberships in updates
While looking up group memberships from the cache only groups from the
user's domain were taken into account because of the cache search base.
As a result memberships in other domains were not updated.
With this patch the whole cache is searched and hence memberships from
all domains will be updated.
Resolves: https://github.com/SSSD/sssd/issues/7921
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/bf79a15979c342297cad76c254841441687f3dec">bf79a159</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-24T09:48:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>configure.ac: Introduce --disable-linux-caps arg to make capabilities optional
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8008a2a82e93e0e3dc36efb38d1fd66f614a4f59">8008a2a8</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-24T09:48:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Only include <sys/capability.h> if the header is present
Otherwise add stub defines to allow the code consuming this header to compile.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f566a3a8e797a41f9dfaaa38018b5f9a5275a733">f566a3a8</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-24T09:48:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add stub implementations for functions from capabilities.c if caps aren't available
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0b4a68a1ba936460cbc0cb58187c7be6a4f291df">0b4a68a1</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-04-24T09:48:20+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Properly check the returning value of sss_set_cap_effective() calls
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a0f19feb13fb037cc94767ab9b5766ae50711a44">a0f19feb</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-04-24T09:48:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: grab ipa logs from ipa host
...to allow debugging IPA failures.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d0bfa08d8557e0a442b46202eba8e685b8a08093">d0bfa08d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-04-24T09:48:44+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: print duration of each test case
We recently stumbled on very slow test runs on Fedora 42 where it
finished hours later then other distrubitions or timed out completely.
Pytest with --durations=0 prints duration of each test case which can
help us identify problematic test in the future, if the slow down is
caused by specific test cases.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/215a05340bc38bc938715ce6df21e4d83065d36c">215a0534</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-29T17:24:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss-idmap: add support for more general POSIX id-mapping
Add new calls to libsss_idmap which should allow POSIX id-mapping for
more general sources like IdPs as well and not only Active Directory
based sources.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a27154b75f48e10cc440a44ef5a17732573be31c">a27154b7</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-29T17:24:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss-idmap: add normalize and casefold options
If for id-mapping from a general source a string is used as input for
the murmurhash based offset calculation it might be important that
different UTF8 representations of the same string will lead to the same
ID (normalize) or that the case of the string does not matter for the ID
calculation (casefold).
By default normalization is enabled while casefolding is not.
:packaging: A new dependency to libutf8proc is added
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0dfd05798b58a5ba0400c7cc303455d831c0f0fb">0dfd0579</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-29T17:24:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idmap: rename comp_id() to compute_id()
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5b4f9466d151a8df7244357980e67df8ffb59c46">5b4f9466</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-29T17:24:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idmap: update doxygen config
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8c3074a97b4a80d74f8d7a8fc3b6e0d8e0d12fb1">8c3074a9</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-04-29T17:24:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss-idmap: update library version
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2cf2e83a223f0eb74bd81a7fcaf726c62d577719">2cf2e83a</a></strong>
<div>
<span> by Tomas Halman </span> <i> at 2025-05-02T21:03:27+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>p11_child: Add timeout parameter
p11_child communication with OCSP server may take a long time
because of network issues. Then p11_child is killed after
`p11_child_timeout` and the authentication fails.
This is not desirable when `certificate_verification` is
set to `soft_ocsp`. This update will pass the timeout to the
child process so it can cancel the OCSP verification
before it is terminated.
Resolves: https://github.com/SSSD/sssd/issues/6601
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/606cf44f0d5a1160cf8bfb6646fdbe2f68d008ae">606cf44f</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-06T17:49:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use MAXHOSTNAMELEN as HOST_NAME_MAX if available
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e13ca3aba5356a7237b9a332a8c62f98306eab3d">e13ca3ab</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-06T17:49:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Don't do setsockopt(TCP_USER_TIMEOUT) on systems that don't have it
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2f6c83a22217fdebf24df82b378aaab00f3c4395">2f6c83a2</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-06T17:49:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Include <sys/socket.h> because the code uses AF_INET
Fixes build on FreeBSD
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d6da04d801afd57c3efe5d0a02eb9782f2819a66">d6da04d8</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-06T17:49:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix build on systems that do not have pam_ext.h
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8672fba0cc2cedb8c91eb010298316fb12f42540">8672fba0</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-06T17:49:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Use cross-platform pthread_self() instead of Linux-specific SYS_gettid()
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fe10f5e6ded46810fe738121f337b99ff642e595">fe10f5e6</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-06T17:49:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Add an implementation for pam_modutil_getlogin() for systems that do not have it
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c85ab24a4399b13fa5b97981bb0c8fe888aaae0e">c85ab24a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-07T11:36:03+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>certmap: allow prefix in rule in sssd.conf
The current check for certificate mapping rules coming from sssd.conf is
too strict. Only rules which starts and ends with '(' and ')'
respectively are allowed. As a result new mapping templates with the
LDAPU1 prefix cannot be used.
With this patch prefixes are allowed as well. An existing integration
was was updated to cover this.
Resolves: https://github.com/SSSD/sssd/issues/7931
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ad7dc210f79e9b521ff26449d10a0348debff4a8">ad7dc210</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-09T11:13:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: fixes following issue:
```
Error: RESOURCE_LEAK (CWE-772):
sssd-2.9.1/src/responder/pam/pamsrv_gssapi.c:750: alloc_arg: ""gss_accept_sec_context"" allocates memory that is stored into ""client_name"".
sssd-2.9.1/src/responder/pam/pamsrv_gssapi.c:806: leaked_storage: Variable ""client_name"" going out of scope leaks the storage it points to.
# 804| gss_release_buffer(&minor, &output);
# 805|
# 806|-> return ret;
# 807| }
# 808|
```
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6ee49e6177330a30938a53465fe826c988990076">6ee49e61</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2025-05-14T13:11:42+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: add importance marker for sssctl analyze
Adding marker for the sssctl analyze tests.
Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e50533d6610776e876afb87feb74fd799f7cb18b">e50533d6</a></strong>
<div>
<span> by Justin Stephenson </span> <i> at 2025-05-14T13:13:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Workaround PTR record lookup failure
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/81a377ded2a7240b9eeea1ae4846458251979be7">81a377de</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-16T08:33:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Consolidate utf8 strings operations to libunistring
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4cc856ee870c115e7382b17f3004d86b420a3420">4cc856ee</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-16T15:15:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SBUS: use ENETUNREACH instead of ENONET
- it looks a better fit for
```
No network access (probably ENETUNREACH on a socket).
```
(see https://dbus.freedesktop.org/doc/api/html/group__DBusProtocol.html)
- it is more portable (for example, FreeBSD doesn't have ENONET)
Currently this specific error code isn't handled anywhere, so
replacement should be ok.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/180bf1fc7cd4bb5244c5d7576cacc3b1b2f4427c">180bf1fc</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-16T15:15:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CLIENT: use ETIMEDOUT instead of ETIME
```
ETIMEDOUT 110 /* Connection timed out */
ETIME 62 /* Timer expired */
```
`ETIMEDOUT` fits better and is more portable.
Wrt different codes returned by 'idmap' -
https://github.com/freeipa/freeipa/blob/master/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
doesn't make any difference between ETIMEDOUT and ETIME anyway.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8accd047697f2e232306d2e2a92793d5607106cb">8accd047</a></strong>
<div>
<span> by Alexander Bokovoy </span> <i> at 2025-05-16T16:32:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: fallback to ID and access tokens when looking up configured user identity
Some IdPs do not provide all attributes as requested by the claims in
userinfo response. They, however, provide them in either ID or access
tokens. Fall back to one of those if possible, in order to find the user
identity based on the attribute specified by the caller.
One example of such behavior is Entra ID:
https://learn.microsoft.com/en-us/entra/identity-platform/userinfo#userinfo-response
> You can't add to or customize the information returned by the UserInfo endpoint.
Make sure we put the right token description when producing debug
information as well, to help seeing where the user identifier is coming
from.
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/95f1a9c573112372d0dca6cfcc6ab1c08b0b804b">95f1a9c5</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-16T16:32:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: change verify_token() to decode_token()
Signed-off-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5f7df39956a5e7c02f0246eb498a452f703af8b3">5f7df399</a></strong>
<div>
<span> by Michael Stone </span> <i> at 2025-05-17T11:14:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>return here so MINOR_FAILURE isn't auto-promoted to FATAL_FAILURE
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9553c78fcaa15b1608b6ff425aad59dcc1f5d647">9553c78f</a></strong>
<div>
<span> by Michael Stone </span> <i> at 2025-05-17T11:14:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>make log line match preceeding function name
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/93f9db57a34618f02f1f3edd454b1b9760c80802">93f9db57</a></strong>
<div>
<span> by Michael Stone </span> <i> at 2025-05-17T11:14:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>add SSS_AUTHTOK_TYPE_PAM_STACKED
Makes explicit the fact that a credential obtained by use_first_pass from the
pam stack is neither an SSS_AUTHTOK_TYPE_PASSWORD nor an
SSS_AUTHTOK_TYPE_2FA_SINGLE, but rather a Schrodinger's cat whose status can't
be determined until it is used.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b4baf8add4e3b35dfbf26e62dd4311748dfdfc3b">b4baf8ad</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2025-05-19T08:08:06+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add proxy provider test cases for SSSD
1. Domain separation with nslcd restart:
- Verifies proper user isolation when switching nslcd configurations
- Tests that users are only visible in their configured domain
- Validates the workaround for nslcd's lack of multi-instance support
2. Offline authentication with cached credentials:
- Tests credential caching functionality
- Verifies authentication works when backend is unavailable
- Validates SSSD's offline mode behavior
3. Case preserving username handling:
- Tests case preservation with case_sensitive=Preserving
- Verifies all case variants match but preserve original case
- Validates authentication works across case variants
4. Case insensitive username handling:
- Tests case normalization with case_sensitive=false
- Verifies all case variants return lowercase usernames
- Validates authentication works across case variants
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc3165c353e7d9ce4834d7899475f2405bc76eeb">dc3165c3</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-20T10:32:14+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Revert "sdap: include sub-domain memberships in updates"
The reverted patch causes performance issues for AD users with a large
number of IPA group memberships.
This reverts commit 596bc5fb8e0760c26293304f404069c0e986f534.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ad30eb74e6eb40a601e080bb669ddf9a482883c0">ad30eb74</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-22T10:46:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>CI: drop "missingInclude" from cppcheck
This check doesn't provide much value (really missing headers will
make build to fail anyway), but generates a lot of noise, giving
tons of false positive complains.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0c2fef80292a6207668047b570b3624536d0a3d8">0c2fef80</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-22T10:47:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Define ENODATA if it isn't available
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/58cced880c0fd666dd72b80a36a2544dcf0ec263">58cced88</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-22T10:47:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Include config.h before checking for HAVE_ERRNO_T
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/641ef4823e76ef9829d3dc42a2fa21d35d9c8ef1">641ef482</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-22T10:47:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Define ELIBACC and ELIBBAD if they aren't available
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/889b1cddf027a41208b448e512fd4bc35a3199c9">889b1cdd</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-22T10:47:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Include pam_appl.h due to pam_get_item() usage
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/dc252b72acac33115600aed352fa8fd1a9690ece">dc252b72</a></strong>
<div>
<span> by Gleb Popov </span> <i> at 2025-05-22T10:47:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix the in-house pam_modutil_getlogin() implementation
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3d278ec5d6a41e51a9d31d646cc165a25d63f108">3d278ec5</a></strong>
<div>
<span> by aborah-sudo </span> <i> at 2025-05-23T12:56:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add Infopipe tests for group properties, membership changes, and user attributes
- Implement test_infopipe__lookup_group_and_properties to verify group name, GID, and members via Infopipe.
- Add test_infopipe__lookup_returns_latest_group_membership to validate dynamic group membership updates.
- Introduce test_infopipe__lookup_user_attributes to check retrieval of custom user attributes.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8d7e505697e6e1907c3db6fd041da11130a4b4ae">8d7e5056</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-28T16:54:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Move 'sss_python.*' under 'src/python'
as it's not used outside.
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/3a7776b840e88de3e625bfc25a8995eeb0534c96">3a7776b8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-28T16:54:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Consolidate all Python related includes to 'sss_python.h'
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/11e388e8f3d00b28f1151d22823d577cc53132b7">11e388e8</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-28T16:54:09+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Make sure "Python.h" is included last.
Otherwise Python headers set _POSIX_C_SOURCE=200809 thus leaving 'errno_t'
undefined on FreeBSD.
Resolves: https://github.com/SSSD/sssd/issues/4997
Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ab8342770bc832bc36aaf770e560e7f44460d2a4">ab834277</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-05-28T16:57:23+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding preferred topology markers to select tests
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6f09d3f050b36513963405ebceed84e25d893260">6f09d3f0</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-30T13:04:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: add more JSON helpers
Some helpers are added to extra values from JSON strings returned by
IdPs while looking up user and group information via a REST API.
Resolves: https://github.com/SSSD/sssd/issues/7229
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/133a13b76ef8302d0409ffaf56f0d2cc1e4c0511">133a13b7</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-30T13:04:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: add user and group lookup
oidc_child can now lookup user and group attributes from Keycloak and
Entra ID.
Resolves: https://github.com/SSSD/sssd/issues/7229
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9a2b031a03889b83d2447bdc8e68633057e09167">9a2b031a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-30T13:04:21+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: inital tests for user and group lookups
This patch should just illustrate how the user and group lookups of
oidc_child can be tested.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ae32bbcdcc4ebec3dfa1b0a784949b9a139685dc">ae32bbcd</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-05-30T17:57:19+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>MAN: remove mention of a 'local domain'.
'local domain' was removed in 3e94b64daa7638fb53e3f527d4308d9d1875c517
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8be4055714940045c09d494260f39751691c5770">8be40557</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-05-31T11:06:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>oidc_child: fix issues found by Coverity
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/41a0df2d41a867afab7ae05379cebe4de35a4391">41a0df2d</a></strong>
<div>
<span> by André Boscatto </span> <i> at 2025-05-31T11:08:41+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>TESTS: Add tests to cover access control access_filter (AD/LDAP)
Added 5 test cases to cover AD and LDAP access_filter conditions using
the new testing framework
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/449f4c1aa394d26724a18053f8c4828b4b6ea39d">449f4c1a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-06-03T15:39:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTIL: add a helper to print libldap diagnostics
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7eee7154f85493ae1def502bb7856e5bb5adde2f">7eee7154</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-06-03T15:39:57+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>LDAP: debug fail of ldap_set_option(LDAP_OPT_X_SASL_NOCANON)
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6d115a7a453d85bbaa816d244450e7d5fb0530a7">6d115a7a</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-06-03T15:39:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Replaces usage of 'sss_ldap_get_diagnostic_msg()'
with 'sss_ldap_error_debug()'
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6d5b65046d8489d2062de97b7c0b1def227ef5ac">6d5b6504</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-06-03T15:39:58+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>UTILS: removed ununsed 'sss_ldap_get_diagnostic_msg()`
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0fc6768c6ae1d788d53981d4d01e562b38c1ed00">0fc6768c</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-06-04T10:01:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>RESPONDER: skip mem-cache invalidation
if mem-cache is explicitly disabled
Resolves: https://github.com/SSSD/sssd/issues/7981
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7a2f9395c7d822be28054c0dd9827d852ccaed23">7a2f9395</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5 idp: make sss_idp_oauth2_decode public
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/578ae63b71b34d8107cadee474c40e7ffba92b9f">578ae63b</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: make k5c_attach_oauth2_info_msg() shareable
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/810d41e02a3efd38b7e01b9057117e290094017a">810d41e0</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>utils: make child_exited() public
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9be8604e6ed4f8f83c113c022dae6de430951d23">9be8604e</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>utils: make child_terminate() public
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ed68410d43f0838da3b656e3ab82a71ba30bd9b3">ed68410d</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>utils: make activate_child_timeout_handler() public
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cf3a1d85ec97e7103badcdcf9e41023f1a71ebb0">cf3a1d85</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idp: initial implementation of IdP id provider
This patch implements an id and auth provider for SSSD for generic REST
and OIDC/OAuth 2.0 based Identity Providers (IdPs). This initial
implementation supports Keycloak and Entra ID as IdPs. In both cases an
IdP client and its credentials are required to allow user authentication
and provide access to the IdP's REST based user and group management.
:relnote: New generic id and auth provider for Identity Providers
(IdPs), as a start Keycloak and Entra ID are supported. Given suitable
credentials this provider can read users and groups from IdPs and can
authenticate IdP users with the help of the OAUTH 2.0 Device
Authorization Grant (RFC 8628)
:config: The id_provider and auth_provider options support a new value
'idp'. Details about how to configure the IdP provider can be found in
the sssd-idp man page.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b1cc4da87c60e7b99ca7c28f0962513db0ff02f1">b1cc4da8</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>confdb: idp provider uses MPGs by default
By default IdPs do not support POSIX attributes so it makes sense to use
user-private groups by default.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/66b062f7584feda7b51c4216fb1c4a52ea09d792">66b062f7</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idp: man page for SSSD's IdP id provider
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c16c13c557fa047338a59bc355092948d13955c4">c16c13c5</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idp: add configure option to disable IdP provider
If the IdP id provider is not needed in an environment its build can be
disabled with the new configure option '--with-id-provider-idp=no'
:packaging: new configure option '--with-id-provider-idp' to enable and
disable building SSSD's IdP id provider, default is enabled.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d8842a7085d5ddb82453d7a2abae914bc838d84a">d8842a70</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idp: add basic options to tune id-mapping
The options idmap_range_min, idmap_range_max and idmap_range_size are
added to modify the default for the POSIX ID-mapping.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f529886370fce15242259d4758d80d2af2c9acb8">f5298863</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: initial IdP provider tests
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2f6c9b043768da1318b343259f2f481813d9a63f">2f6c9b04</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-06-04T10:46:40+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idp: add support and test for ignore_group_members option
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0c5c7538b4f9d7d05288ce735a8afdd7470adffd">0c5c7538</a></strong>
<div>
<span> by Weblate </span> <i> at 2025-06-04T16:16:37+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>po: update translations
(Spanish) currently translated at 97.8% (733 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Chinese (Traditional) (zh_TW)) currently translated at 0.2% (6 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/zh_TW/
po: update translations
(Chinese (Traditional) (zh_TW)) currently translated at 6.8% (51 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_TW/
Added translation using Weblate (Chinese (Traditional) (zh_TW))
po: update translations
(Italian) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/
po: update translations
(Spanish) currently translated at 97.8% (733 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Spanish) currently translated at 97.4% (730 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Spanish) currently translated at 65.0% (1822 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/es/
po: update translations
(Spanish) currently translated at 96.6% (724 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Spanish) currently translated at 82.1% (615 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
po: update translations
(Swedish) currently translated at 100.0% (2799 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 100.0% (2799 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 100.0% (2799 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 99.7% (2792 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 99.7% (2792 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 99.6% (2789 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
po: update translations
(Swedish) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
po: update translations
(Czech) currently translated at 9.2% (260 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 6.8% (192 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 6.8% (192 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 6.7% (190 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 6.7% (190 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 6.7% (190 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/cs/
po: update translations
(Czech) currently translated at 97.0% (727 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Czech) currently translated at 96.6% (724 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Czech) currently translated at 96.5% (723 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Czech) currently translated at 96.5% (723 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
po: update translations
(Polish) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
po: update translations
(Italian) currently translated at 15.7% (118 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/
po: update translations
(Finnish) currently translated at 10.4% (78 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
po: update translations
(Finnish) currently translated at 3.5% (99 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
po: update translations
(Finnish) currently translated at 3.5% (98 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
po: update translations
(Ukrainian) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Ukrainian) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
po: update translations
(Turkish) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
po: update translations
(Russian) currently translated at 100.0% (2799 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ru/
po: update translations
(Russian) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
po: update translations
(Ukrainian) currently translated at 100.0% (2799 of 2799 strings)
Translation: SSSD/sssd-manpage
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
po: update translations
(French) currently translated at 100.0% (749 of 749 strings)
Translation: SSSD/sssd
Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/de84e5721f727b643bbf119632b528e4316bac5b">de84e572</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-06-04T16:27:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>idp: add sssd-idp.5.xml to po4a configuration
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b9cdd65b7d404ac54b607b3d14a537c9a59b6052">b9cdd65b</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-06-04T16:29:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c5eb5b141cd2083d6c8681cf1e5ba6e5200186c8">c5eb5b14</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-06-05T12:14:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>adding pytest markers to help keep track of transformation status
Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 2d0291da7dbf3dda274e3921c61511b9293b13f3)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/c34e24cc3efca524f7cb5f403640df2b6fe7817e">c34e24cc</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-06-05T12:14:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: skipping simple access control tests that have been rewritten.
* found a missing test scenario that has been planned
Reviewed-by: Andre Boscatto <aboscatt@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 6f9aed5a3ea6534ebe279806e0ef6da795c38354)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4c3ce67736cce1284ca2b44fdea8522f20baeebb">4c3ce677</a></strong>
<div>
<span> by fossdd </span> <i> at 2025-06-13T11:12:38+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sss_prctl: avoid redefinition of prctl_mm_map
prctl_mm_map is provided by linux's prctl.h and libc's prctl.h.
libc's headers should be preferred.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit fbeba7ac257ae9c04f932e58e6fff6e30a41fb78)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/963e316069ef9367e62acbfcb0a72fc0aad76c64">963e3160</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2025-06-19T10:35:33+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Move test_ldap_referrals from gating (tier1)
The test is failing due to DS ldap bug RHEL-87352.
Moving it out from gating.
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 713da134126b84a6da11dcb2ac043efc6915e61b)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7d4affed8f8101995dac07c2f9bdaf9fc64d8354">7d4affed</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2025-06-19T14:57:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Add missing markers for ticket plugin
Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com>
(cherry picked from commit 2d308e2e9a9ae19f8e8a9d5efb9e43b13872337b)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e2384435786aa76d532da4d1fd641b4d22b971eb">e2384435</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-06-21T08:55:01+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>PAM: keep 'LISTEN_PID' and 'LISTEN_FDS'
env variables as those are used by `sd_listen_fds()`.
Resolves: https://github.com/SSSD/sssd/issues/8005
Reviewed-by: Anuj Borah <aborah@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit cd325f645256d1f5fd0c6821edad666029575b2e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e0ca338d269c58a2d9cdf5382fa58032fef46af7">e0ca338d</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2025-06-24T12:14:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix typo in sssd-ldap.5.xml
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit 7acb8ef776dfedf17bde77f82432a2bfb769f055)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2024de506336cc27c56288ab748f8160b40d4c42">2024de50</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2025-06-24T12:24:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix typo in sssd-idp.5.xml
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit ac9fd622bbcc1034b771eda4607e5bd8917812f6)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/03bff005d76257bce4271b39d9632c7e5ccec4fd">03bff005</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2025-06-27T16:56:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Fix typos in sss-certmap.5.xml
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 417d32d0192df6c1bbe9911c8bc5884a664ea4fa)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2c9a3d44317db338178ca93b37de9b70d8fb99c8">2c9a3d44</a></strong>
<div>
<span> by Yuri Chornoivan </span> <i> at 2025-06-27T16:56:52+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Update sss-certmap.5.xml
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
(cherry picked from commit 7b829bcd14aa2fc3c674699ef0be5486f5b7db2b)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/76b160e3e5a52e39f8b9a9b112e4eed0bf484a84">76b160e3</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-07-02T11:04:16+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>'gemini-code-assist' config
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 63976d8271529f461cada3d8db187d8786d95bef)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cd54cd0fbe9ab9e9fc5d942a2d465a10f1af4165">cd54cd0f</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove old Obsoletes
These obsoletes have been set for multiple Fedora versions already (some even
for years), we can safely remove them now.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 44b6324e0b310c5cbcd6af73f658e231ad562253)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0e6e3c2753d1087212d765201e838e95088f43fa">0e6e3c27</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove old Provides
libsss_sudo-devel package was removed 12 years ago and the files
are not even packaged in the rpm anymore.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit ab6d62423d532f42496a1be9f5bc5ad1362d371a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/18dbf893dd460985d6ba8ba93a391c41d66c1791">18dbf893</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: always build with sssd user
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 9bdc2172931de953e7547045394080d2f655a8de)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/13d05a9bf2905ebcc59c865190e7c1eba9d7332d">13d05a9b</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: always use sysusers to create the sssd user
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit cca790052c38c2c786da48c25766c48ea904670c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/aea12fede4c555b9e5f253f9f902f1e6c953a880">aea12fed</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove build_subid condition as it is always enabled
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit eefdd01a2e92523d5797fa0aeaf792d6c6bcd6de)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2faa4c3f576e15f0590d3a75c74345168a5718b8">2faa4c3f</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: always build kcm renewals
This has been enabled for a long time. This also removes the
krb5_version variable as all current distribution ships compatible
version.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 9d83e67f2b5bf43ef6dd2c4f7f4fe3f5d45b9a4d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d941f86d7f874eb1e511b911047d3c7ef1041591">d941f86d</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove build_passkey as it is always enabled
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 538d745d355028fc1f3ad8d173ab1157cc8d2612)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d2c8841e2f08c9885223c16b65ea54ceaf036858">d2c8841e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: build idp only on f43+ and rhel10+
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit f9f1a809783c7b6cb0671019b26b9c58758b7f3a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/31e9170bca86622897385c17a5545bc19c49e93b">31e9170b</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove _hardened_build
This is enabled by default since Fedora 23.
See: https://fedoraproject.org/wiki/Changes/Harden_All_Packages
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_pie
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 88ad51932027a8832fb7a950d3aec045ac8d97e7)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/32d80c52ac40463481facd7f60600b038a62f787">32d80c52</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove ldb_version
All supported distributions have compatible version already.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 0e3ceca17196c4a4379b41f13976c2d82132312e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/7fa5f5d15b480788a9e132d6e8b15ade2e7e2f7e">7fa5f5d1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: add comment to samba_package_version
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 6562eb881a75fedcd7501ef51bd44bd0a5feeca2)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/131c97f18df6de6eb79ca901fdc98e7ce740a2d3">131c97f1</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: move packages required for p11_child tests together
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 5b9b9ae4b39044020a6b88352c61a7ec249f3d3d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/fd5e2b32d7581f37b7b9c39f4638bed5b4fdeb17">fd5e2b32</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: remove systemtap-sdt-dtrace version condition
The package is available on all supported distributions.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 85f41f91e76b292922b42ea8e87be184fe24ac25)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/096a59fdf9b5efc3f72fe930dbeef09404d35e46">096a59fd</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: use upstream_version variable when producing downstream_version
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit dde42a2c7cfa20aae93532b7685f7714e99a0eeb)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/60f13397e7d4eba7cc4cff696ca9d258d5d6607f">60f13397</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: use autochangelog
We don't really care about change log in development RPMs, but we
will switch to rpmautospec in Fedora so let's do this change here
as well to keep the spec files in sync.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 9e6f6a988bb6c418cba43ae5f2219c981734b00f)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/710f4ff8835230c50af80c6de7d37aa876701498">710f4ff8</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: target f41+ and rhel10+
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 3a59decab5771f6d7bb96de7efe3b41801cddec0)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ba905e827ad95dcbc6b3fb1961db6c2b2f4f01b6">ba905e82</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-03T12:37:04+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: use version_no_tilde
Upstream version is using pre-release version with dash as a separator
since git does not support tilde in tag name. On the other side, Fedora and
RHEL requires tilde as a separator to correctly order builds.
For example: 2.10.0-beta1 vs 2.10.0~beta1.
The conversion can now be done by version_no_tilde macro. This is a
preparation for enabling packit, without this change we would need to
postprocess the spec file.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 5b342ca2eee285b0446c4c02e259aae8248c04d0)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/2ace6155f300318f3beda1c8950a39bddd217a32">2ace6155</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-07-04T14:34:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sysdb: add sysdb_get_direct_parents_ex()
sysdb_get_direct_parents_ex() is similar to sysdb_get_direct_parents()
but allows to request a different attribute than SYSDB_NAME be returned
for the found groups.
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 16d61ee1acdeb73d22a756a1c68c3dfc08d9b94d)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/63a6f51069a86765417f044a62705fe20572e0da">63a6f510</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-07-04T14:34:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ipa: improve handling of external group memberships
Currently add_ad_user_to_cached_groups() expects that all IPA
group-memberships of users from a trusted domain are removed when the
group-memberships from the trusted domain are updated. This is currently
only true for the code path where the tokenGroups request is used. The
code path without tokenGroups does not remove the IPA group-memberships.
Removing the IPA group-memberships is also not very efficient especially
if there are no changes to those at all. With this patch in
add_ad_user_to_cached_groups() it is checked which group-memberships
have to be added or removed. In this function the SYSDB_ORIG_MEMBEROF
attribute of the user is handled as well for the IPA group-memberships.
Since this attribute is removed in all code paths all IPA
group-memberships are added here again. But instead of doing it one by
one as in the previous version, the attribute is added for all groups in
a single operation which should help to improved the performance as
well.
Resolves: https://github.com/SSSD/sssd/issues/7921
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
(cherry picked from commit 2a19873c84948a6451da80e6c8d3f689c8228c04)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/706a673aef24742f1f8ffa13b6b2257a274ee26a">706a673a</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-07-07T17:16:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>authtok: add IS_PW_OR_ST_AUTHTOK()
This patch adds a helper macro to determine if an authtok struct is of
type SSS_AUTHTOK_TYPE_PASSWORD or SSS_AUTHTOK_TYPE_PAM_STACKED. This is
useful if a password is expected but an authentication token forwarded
by an different PAM module, which is most probably a password, can be
used as well.
Resolves: https://github.com/SSSD/sssd/issues/7968
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 297ecc467efb6035e370f62e62ffa668bb1d0050)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/856d20a3790080248b78f3c06c043f141d9d9585">856d20a3</a></strong>
<div>
<span> by Sumit Bose </span> <i> at 2025-07-07T17:16:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>krb5: offline with SSS_AUTHTOK_TYPE_PAM_STACKED
Recently a new authtok type SSS_AUTHTOK_TYPE_PAM_STACKED was added to
handle credentials forwarded by other PAM modules. Before it was
unconditionally assumed that it is a password and hence
SSS_AUTHTOK_TYPE_PASSWORD was used.
When SSS_AUTHTOK_TYPE_PAM_STACKED was introduce the main use-cases were
already handled but currently offline use-cases fail because here only
SSS_AUTHTOK_TYPE_PASSWORD is expected. With this patch
SSS_AUTHTOK_TYPE_PAM_STACKED can be used to store or validate offline
credentials as well.
Resolves: https://github.com/SSSD/sssd/issues/7968
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 3b106f1888b6430b8bab75e1c0fe0f054eafce48)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/d06f9b5ff138945d2f76cc9a9def75d9f82d51ec">d06f9b5f</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-08T12:34:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: use correct url for the tarball
The "archive" tarball is created by github by tarring the repository
content, it is not the same what we release.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit c7bf90643aee429de40a5ed795ba3483b40ae0d2)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/1e1cfc4c2dd48fe0a9a1e0b503edb33747a19a46">1e1cfc4c</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-08T12:34:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: support gpg verification
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit caeeaf7c120f36914415dbe1a9030c477033490e)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/a7b96f0ec104bd16b9ce8e2597994bf3056282d2">a7b96f0e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-08T12:34:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: add packit configuration
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 1b884f056ba460c1e3990cd3c31829b70ddf6182)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5698d6059f299f781bdbd348adb76ffc36ef5177">5698d605</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-08T12:34:12+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>ci: remove custom copr builds
COPR builds are now built by packit.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 8daa3e11a6e09938780ea5ee864dd50e62b490ac)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/4e7ae2422d1450a2403c22d1569dfa46af07dfe1">4e7ae242</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-07-10T13:09:32+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>SPEC: add missing '\'
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 94151af9e3465262137c3a877953335c92c27c8c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f0e6650d22491d9df34e066e864fbefe5898e322">f0e6650d</a></strong>
<div>
<span> by Dan Lavu </span> <i> at 2025-07-11T15:06:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>removing deprecated pam_ldap pam_krb proxy provider multihost tests
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit 2121f9b8d53ae35959e589561ce7e70a7efe7f81)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/e013f9599c9556f947c5014b02f2e768b228db97">e013f959</a></strong>
<div>
<span> by Jakub Vávra </span> <i> at 2025-07-24T07:08:29+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: Move test_sssctl__analyze_without_root_privileges from gating
Run the sssctl analyze under user1 using su instead of ssh.
Remove the test from gating as this is not a "core" functionality.
Reviewed-by: Dan Lavu <dlavu@redhat.com>
(cherry picked from commit 0ceb448745473917cd9cdff3a0f6334684e2a77c)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9129d890c8f22b2710dfa963205ee466f2b9cc46">9129d890</a></strong>
<div>
<span> by André Boscatto </span> <i> at 2025-07-24T07:10:11+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: Adding nested group test case for simple access control
While going through the multihost test we identified that this test case
was not covered, thus adding it now.
Relates to https://github.com/SSSD/sssd/pull/7984
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Jakub Vávra <jvavra@redhat.com>
(cherry picked from commit e35516214944cb0b4f3928bef20a27cfd3f3be44)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/f51065918e95ac98b28fbc3392c2f7838a629836">f5106591</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-07-29T17:26:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Make sure previously rotated logs are chown-ed as well.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 7e8b62e0a98b7dba1b11798da73992bb5478da35)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/30f03098a4c88d30a12ecbe6c1f4af6d73193436">30f03098</a></strong>
<div>
<span> by Alexey Tikhonov </span> <i> at 2025-07-29T17:26:36+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>spec: don't dereference links while chown-ing in %post
Make it consistent with systemd service file.
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit d8ac442973e3304c951d42126eea6248b7dc8d2a)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/5757dfdbbe1ec883dc690a41a72583bf54a84c09">5757dfdb</a></strong>
<div>
<span> by krishnavema </span> <i> at 2025-07-29T17:31:55+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>tests: adding user su smartcard login test
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 8c32d7fae0b00c3802ff861040e69bcfc7639a11)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/61a5ab6c5e4c8e955a38bdf63a07ab6d4c965c81">61a5ab6c</a></strong>
<div>
<span> by shridhargadekar </span> <i> at 2025-07-31T11:06:51+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Tests: cache_credentials = true not working
Tests for cache_credentials = true not working in sssd, with specified PAM
configuration in /etc/pam.d/system-auth and /etc/pam.d/password-auth
verifies #7968
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit 9856b6dda23ca565475cceb7897f7117a3880ab1)
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6fd3415e1b32c31d62a1a7e0942d0ab62cce6d00">6fd3415e</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-31T13:05:46+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>pot: update pot files
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/ced937c9d3818567c59f624379e61be0004edf2f">ced937c9</a></strong>
<div>
<span> by Pavel Březina </span> <i> at 2025-07-31T13:06:15+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Release sssd-2.11.1
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/98d08602fa3332d41162a269cea4afcae5b0a4a3">98d08602</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T14:12:05+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge tag '2.10.1' into m
2.10.1
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/0faea70ad76988e350e55d0354676b138abaa695">0faea70a</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T14:12:28+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Merge branch 'master' into m
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/6f9a0b6a1ac47052a10e07630d12811e75a0cf41">6f9a0b6a</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T14:13:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>version bump
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/066a5fc6c9e7524a5447ded5ac4cc449a3625bbc">066a5fc6</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T15:19:43+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>watch: Updated.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/b8d29065fcbad59a05421373dffab7e5bf527d6f">b8d29065</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T15:24:59+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>d/p/drop-valgrind.diff: Dropped, obsolete.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/cd858f099df1a2e4d3d75a8d591d4c2e67f61952">cd858f09</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T15:44:56+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>source: Update local-options.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/8920e5f6df0fef192882ce61c8feede323116a29">8920e5f6</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T15:48:53+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>rules, install: Drop files-provider, removed upstream.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/66cf230b2d8228bab96daf11511fd69c8e04c8ae">66cf230b</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T15:54:31+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>sssd-common: Add sssd-idp.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9bcfb7336d5c7a3521695386743b8968edac934b">9bcfb733</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T16:33:34+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>copyright: Update FSF address.
</pre>
</li>
<li>
<strong style="font-weight: 600;"><a href="https://salsa.debian.org/sssd-team/sssd/-/commit/9d4cb2e29aea28bd53aa36d6cd02c6700607a4de">9d4cb2e2</a></strong>
<div>
<span> by Timo Aaltonen </span> <i> at 2025-11-10T16:35:10+02:00 </i>
</div>
<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>releasing package sssd version 2.11.1-1
</pre>
</li>
</ul>
<h4 style="margin-top: 10px; margin-bottom: 10px;">
361 changed files:
</h4>
<ul>
<li class="file-stats">
<a href="#27d2490604fdeba08edc0d0e4254feb970c63dd0">
<span class="new-file">
+
.gemini/config.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#71da4bef7d009bfa59d0f7ca85bf6a18169fb48d">
.github/workflows/analyze-target.yml
</a>
</li>
<li class="file-stats">
<a href="#899ce9c202bf7bb5480e72836c3edc773c9c4244">
.github/workflows/ci.yml
</a>
</li>
<li class="file-stats">
<a href="#205e49e7f8cbf1a4f02d387dd32850fa09a5ef81">
<span class="deleted-file">
−
.github/workflows/copr_build.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#5439b3be16e91e7a13b1977539a10e7b3639a891">
<span class="deleted-file">
−
.github/workflows/copr_cleanup.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#f34eaf19b34e4ae5135212c79909cfd8d3c70b6b">
.github/workflows/coverity.yml
</a>
</li>
<li class="file-stats">
<a href="#4d938f6c1c694e539e55e88076490273a04798ba">
.github/workflows/static-code-analysis.yml
</a>
</li>
<li class="file-stats">
<a href="#8eef649c6f3efda90b9e4f57ec6593b23880057e">
<span class="new-file">
+
.packit.yaml
</span>
</a>
</li>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#4fd746b72d7a3976d4c1ae84db34f6173b62a1e8">
contrib/ci/configure.sh
</a>
</li>
<li class="file-stats">
<a href="#49d80aa598751b3e8c23a3bbb4e7e9c03aa770b6">
contrib/ci/deps.sh
</a>
</li>
<li class="file-stats">
<a href="#0aeb6d52776b667900291cb1c14a7dadddc5c3b2">
contrib/ci/get-matrix.py
</a>
</li>
<li class="file-stats">
<a href="#bbbd24449367d77f81126e526ed11d8a75d13afa">
<span class="new-file">
+
contrib/sssd-realmd.rules.in
</span>
</a>
</li>
<li class="file-stats">
<a href="#b8d57aa4a09effcbac8deeffe8aea9131499424f">
contrib/sssd.spec.in
</a>
</li>
<li class="file-stats">
<a href="#9c96da0e9f91d7d8937b69b524702c106258f0d1">
debian/changelog
</a>
</li>
<li class="file-stats">
<a href="#adb7f75f79e3bb85eb62912a2904c5d24af878fb">
debian/copyright
</a>
</li>
<li class="file-stats">
<a href="#0943b73308ed7ae12d68573206ff3ea6ab367127">
<span class="deleted-file">
−
debian/patches/drop-valgrind.diff
</span>
</a>
</li>
<li class="file-stats">
<a href="#bc34014ab4b9a49dd7a27bdd8d352912607c3a96">
debian/patches/series
</a>
</li>
<li class="file-stats">
<a href="#8756c63497c8dc39f7773438edf53b220c773f67">
debian/rules
</a>
</li>
<li class="file-stats">
<a href="#3caafdf94bbf5120d28741728a95e490ff6bbb9b">
debian/source/local-options
</a>
</li>
<li class="file-stats">
<a href="#888968d8696ab3370bf567424c1013cb2ad00c45">
debian/sssd-common.install
</a>
</li>
<li class="file-stats">
<a href="#68ef9f98c01c7eecd4c605cc26048a06f3304b79">
debian/watch
</a>
</li>
<li class="file-stats">
<a href="#4e573a66c66b45b45a1e180cad791738ed22cdd2">
po/bg.po
</a>
</li>
<li class="file-stats">
<a href="#b91599a7e7dcdfc93152518865a9d894acfe41c9">
po/ca.po
</a>
</li>
<li class="file-stats">
<a href="#fccf081b8d2f9631b6347df4a24d22fac5a73474">
po/cs.po
</a>
</li>
<li class="file-stats">
<a href="#8133f48bcd872819f4d7310d09b4ef30a26831b0">
po/de.po
</a>
</li>
<li class="file-stats">
<a href="#bf0ecd6fd82096852700283e68fd723ccfe57871">
po/es.po
</a>
</li>
<li class="file-stats">
<a href="#804f8c75d12ae05ad9351001530d8575e03a169d">
po/eu.po
</a>
</li>
<li class="file-stats">
<a href="#4a909f28ec13a23ac75c362bf9a9e15669d47d6d">
po/fi.po
</a>
</li>
<li class="file-stats">
<a href="#09aa9a4cf22de79302d7cefe7d280b7235f787c7">
po/fr.po
</a>
</li>
<li class="file-stats">
<a href="#1ea4eac30921a4a13fc7be0b323144e189daec70">
po/hu.po
</a>
</li>
<li class="file-stats">
<a href="#cbd0a16c6ab85833ae5892982bc57d68cc315864">
po/id.po
</a>
</li>
<li class="file-stats">
<a href="#327aa0bc550fa884acca79a3295e722b622f7559">
po/it.po
</a>
</li>
<li class="file-stats">
<a href="#5c873de36a1b57f9c8b16c7fb9cd64292a431fb2">
po/ja.po
</a>
</li>
<li class="file-stats">
<a href="#b4483a69a17ce84171905a68001440348a030887">
po/ka.po
</a>
</li>
<li class="file-stats">
<a href="#462de2f88a6167ce90705f7096ce3afdcfa1d264">
po/ko.po
</a>
</li>
<li class="file-stats">
<a href="#088da71e4e8eddb438a4704013c74671ac837fe3">
po/nb.po
</a>
</li>
<li class="file-stats">
<a href="#c54e8255699d35fd83cf0c4800a6cf1fe45533d9">
po/nl.po
</a>
</li>
<li class="file-stats">
<a href="#74adca948cd9fddf7f9644856d4988126ffe9601">
po/pl.po
</a>
</li>
<li class="file-stats">
<a href="#7a488413e07158a724225892439d611e4ba28ba0">
po/pt.po
</a>
</li>
<li class="file-stats">
<a href="#160f60c3dd59b978e505eccda1925dc3923a1d71">
po/pt_BR.po
</a>
</li>
<li class="file-stats">
<a href="#2316433971b53f8a58c69a9c3ce650787e35b3c0">
po/ru.po
</a>
</li>
<li class="file-stats">
<a href="#0d4e896bfdd3ddb2a1208357455cc9d994cf5a94">
po/sssd.pot
</a>
</li>
<li class="file-stats">
<a href="#4a5c1cf4e30bce97baf810ad306a537239e2c52e">
po/sv.po
</a>
</li>
<li class="file-stats">
<a href="#172b5ede9463bce50719ca3fba867887ecdaa56c">
po/tg.po
</a>
</li>
<li class="file-stats">
<a href="#cf4f0b0dadc52f5cd0dfbc7af6bc3ca27ba42355">
po/tr.po
</a>
</li>
<li class="file-stats">
<a href="#b51f8cbe35a8772efe6f023fc1673b635dca1f80">
po/uk.po
</a>
</li>
<li class="file-stats">
<a href="#649f57c2c27e08866163cb3bc5d7709242509a33">
po/zh_CN.po
</a>
</li>
<li class="file-stats">
<a href="#9073c7a6a45185a5d8109b9db2583c3a6ebb6fc0">
po/zh_TW.po
</a>
</li>
<li class="file-stats">
<a href="#e126e29c556fb5b57b454ff0fe568ab8d23ec4ff">
src/conf_macros.m4
</a>
</li>
<li class="file-stats">
<a href="#8130d92ab2dbb731fb207301f85bd6212a4925e1">
src/confdb/confdb.c
</a>
</li>
<li class="file-stats">
<a href="#87f797812a6c8103120c84edd047870e3d4238fc">
src/confdb/confdb.h
</a>
</li>
<li class="file-stats">
<a href="#3a143ef9ccd76ba9850988da39e18c709ba194f2">
src/config/SSSDConfig/sssdoptions.py
</a>
</li>
<li class="file-stats">
<a href="#e88f08bc547274216ac6b8b404de90b01e62a715">
src/config/cfg_rules.ini
</a>
</li>
<li class="file-stats">
<a href="#0bb5ac26196a4eea2483a67a54e2901eb1654636">
src/config/etc/sssd.api.conf
</a>
</li>
<li class="file-stats">
<a href="#6845e89795e2bc7a9f61e8d7e840053da88f699d">
<span class="deleted-file">
−
src/config/etc/sssd.api.d/sssd-files.conf
</span>
</a>
</li>
<li class="file-stats">
<a href="#62474e063be5780c2c61f9b6aa3613919abb17ea">
src/db/sysdb.h
</a>
</li>
<li class="file-stats">
<a href="#abeebb898a84e42faa346439dce7acf5863620e3">
src/db/sysdb_ops.c
</a>
</li>
<li class="file-stats">
<a href="#0d23baa45350ac5307eec6b21a8fc0554cd5ad5e">
src/db/sysdb_search.c
</a>
</li>
<li class="file-stats">
<a href="#18de443d0634f4fbb11cdb27a01e8e9984a9034f">
src/db/sysdb_services.c
</a>
</li>
<li class="file-stats">
<a href="#43f78164d84c68f68eaa0a02400af17f255c19a0">
src/db/sysdb_subdomains.c
</a>
</li>
<li class="file-stats">
<a href="#36b6e461fd3643c0547766f376de511cd75ef187">
src/db/sysdb_views.c
</a>
</li>
<li class="file-stats">
<a href="#3198a41d7a71cd2e18609e6d87285a5077d4bbc4">
src/examples/logrotate.in
</a>
</li>
<li class="file-stats">
<a href="#e1ea670f1cd9d7eeb2e7708dba6cb3546129757b">
src/external/ldap.m4
</a>
</li>
<li class="file-stats">
<a href="#289e62b9d3f4795d688df0d87650a66b933a4903">
src/external/pam.m4
</a>
</li>
<li class="file-stats">
<a href="#be457717636aed981d743600acd0da03d027c1dc">
src/external/platform.m4
</a>
</li>
<li class="file-stats">
<a href="#be0416bb592d589a7bb2329562c0039b60528031">
src/external/signal.m4
</a>
</li>
<li class="file-stats">
<a href="#be90f5413f61a7f961f05b0866cbcff7151c81fa">
src/krb5_plugin/idp/idp.h
</a>
</li>
<li class="file-stats">
<a href="#eec0584aed34a4f1a6ef6faf63d9cf21a47e8d86">
src/krb5_plugin/idp/idp_utils.c
</a>
</li>
<li class="file-stats">
<a href="#f0a2f4ced59869b8f21e949371994b0b5c98c70f">
src/lib/certmap/sss_certmap.exports
</a>
</li>
<li class="file-stats">
<a href="#73c317cfc8be005d284a54b12a3882ec23bfa0e6">
src/lib/idmap/sss_idmap.c
</a>
</li>
<li class="file-stats">
<a href="#c024a9a60f660dac24d58131b0b727aeedb96497">
src/lib/idmap/sss_idmap.doxy.in
</a>
</li>
<li class="file-stats">
<a href="#488eb17107d705d321133823d8746e2ba6c416ff">
src/lib/idmap/sss_idmap.exports
</a>
</li>
<li class="file-stats">
<a href="#5b9c96988a655f2faf1f904b585263765d0841ec">
src/lib/idmap/sss_idmap.h
</a>
</li>
<li class="file-stats">
<a href="#c9d51a89c450d5d3828c6ed0a26b023c22c21435">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#959c08a2413af9612b3fd772a357d96fb26c12b0">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#31d55c76bbaa79bf9bcd855ad99295314c662209">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp_attrs.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#bc170caec0edc56d46d5eebae9c9c744ca02fec0">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp_common.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#3803e566ea1569bf0a5b29ed7b9e70c15901c95a">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp_dbus.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#641f925b2e0558439182c8fec0c952be33e76adc">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp_dbus.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#f81507b58f6293ee62e8597c03febcbdef5bba60">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp_parser.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#f4299b73ed7d1c3c1ed42e660410341f179c9e08">
<span class="deleted-file">
−
src/lib/sifp/sss_sifp_private.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#a3d379fded76189db11c8557884b88f243893912">
<span class="deleted-file">
−
src/lib/sifp/sss_simpleifp.doxy.in
</span>
</a>
</li>
<li class="file-stats">
<a href="#5fd48dab0d6ff57eb4bf18a1a4a55d92991eb186">
<span class="deleted-file">
−
src/lib/sifp/sss_simpleifp.exports
</span>
</a>
</li>
<li class="file-stats">
<a href="#851c0df0e0d448b77c89ef2e5b9541ec8d81881f">
<span class="deleted-file">
−
src/lib/sifp/sss_simpleifp.pc.in
</span>
</a>
</li>
<li class="file-stats">
<a href="#e18f93a0c17ea91445d7fed901e611619d18af9c">
src/man/Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#fafd7d846ff34f6611099083bf687c988d490999">
src/man/include/override_homedir.xml
</a>
</li>
<li class="file-stats">
<a href="#d9755123caf8a4f4204a44c2ddc2a135814a475f">
src/man/include/seealso.xml
</a>
</li>
<li class="file-stats">
<a href="#0c681dd177a1a0b833a911ff24aac30061002acf">
src/man/pam_sss.8.xml
</a>
</li>
<li class="file-stats">
<a href="#57f6acb472af7084a87335932ea41992bb30a35d">
src/man/po/br.po
</a>
</li>
<li class="file-stats">
<a href="#dbfa196c52236ac697f5c119cf3f3802197e5a49">
src/man/po/ca.po
</a>
</li>
<li class="file-stats">
<a href="#8226d5e4ce16f6cd0b6ae2c43243684f17d6e40e">
src/man/po/cs.po
</a>
</li>
<li class="file-stats">
<a href="#587621c0831f8ec13ffe600166e06205a199f554">
src/man/po/de.po
</a>
</li>
<li class="file-stats">
<a href="#a7861c52f3b1006d4e23c46d7663efe04f921c7d">
src/man/po/es.po
</a>
</li>
<li class="file-stats">
<a href="#35f0f810b0e5ae3cbc43a48543d79019213497d2">
src/man/po/eu.po
</a>
</li>
<li class="file-stats">
<a href="#34df2355e4ceaf43b259198016c3a20490cfee60">
src/man/po/fi.po
</a>
</li>
<li class="file-stats">
<a href="#6d4ef8b31fd19b2c25cd7921c670444f27b16f9b">
src/man/po/fr.po
</a>
</li>
<li class="file-stats">
<a href="#04d8b4e374b1f0212c6bc04201c100c75b25bd4e">
src/man/po/ja.po
</a>
</li>
<li class="file-stats">
<a href="#2ffeb6e778f4398348d9172f8a863195d3fa45ad">
src/man/po/lv.po
</a>
</li>
<li class="file-stats">
<a href="#0e7fc554b6d1752b42d6a4bcc3cdfc3c0b624c8c">
src/man/po/nl.po
</a>
</li>
<li class="file-stats">
<a href="#bc059ca3487899b6af2c6b1176e9302f3cab478b">
src/man/po/po4a.cfg
</a>
</li>
<li class="file-stats">
<a href="#34f36500467b30b0fa1f54d1029b8e4578a5decb">
src/man/po/pt.po
</a>
</li>
<li class="file-stats">
<a href="#25665ba0820f06ec80ccb9fc2d793095221dbc66">
src/man/po/pt_BR.po
</a>
</li>
<li class="file-stats">
<a href="#1574269bb5b331ca21ad843da9cc0eefdde27d80">
src/man/po/ru.po
</a>
</li>
<li class="file-stats">
<a href="#4b723b8389be78693507a4fd8565d5ea64ad01ae">
src/man/po/sssd-docs.pot
</a>
</li>
<li class="file-stats">
<a href="#bbac6a79a3c8139e03a39fdada355f01d3f9dfec">
src/man/po/sv.po
</a>
</li>
<li class="file-stats">
<a href="#b5bb1b007d2520b49ccd10acef65bde92d63114e">
src/man/po/tg.po
</a>
</li>
<li class="file-stats">
<a href="#ea51d4c8341a5c277996b86eaf6ec79414e067a6">
src/man/po/uk.po
</a>
</li>
<li class="file-stats">
<a href="#f071078a9da76bc6ab756e2c2ce9c65575a26f1a">
src/man/po/zh_CN.po
</a>
</li>
<li class="file-stats">
<a href="#5f3bed0e52e214cb12539b24f2b860dedff5dcd5">
<span class="new-file">
+
src/man/po/zh_TW.po
</span>
</a>
</li>
<li class="file-stats">
<a href="#f7921cd40b2dcadf94ef0c2ba0dca860eed350ba">
src/man/sss-certmap.5.xml
</a>
</li>
<li class="file-stats">
<a href="#cf3f93e29f743acaf3a01ab22fbb3857ad0f6469">
src/man/sss_ssh_knownhosts.1.xml
</a>
</li>
<li class="file-stats">
<a href="#c5e9b03768857a2b711ed82240efb2701ae72594">
<span class="deleted-file">
−
src/man/sss_ssh_knownhostsproxy.1.xml
</span>
</a>
</li>
<li class="file-stats">
<a href="#b254640277cb6fb002bebc29ef8542b13b30d17d">
src/man/sssd-ad.5.xml
</a>
</li>
<li class="file-stats">
<a href="#07da1657789a5e7dbbfd2c4f95ed364ffbd76d59">
<span class="deleted-file">
−
src/man/sssd-files.5.xml
</span>
</a>
</li>
<li class="file-stats">
<a href="#2adc864b4dd4752d81a247135f57a9071deb4046">
<span class="new-file">
+
src/man/sssd-idp.5.xml
</span>
</a>
</li>
<li class="file-stats">
<a href="#ef2a003034640c1d50b1ae05d14ade71c2d94346">
src/man/sssd-ipa.5.xml
</a>
</li>
<li class="file-stats">
<a href="#c6af0382d2350424d0d4e2498cb1c639342392e2">
src/man/sssd-ldap.5.xml
</a>
</li>
<li class="file-stats">
<a href="#0861c4ee0beeb4221aa381033269b1967cc92acf">
src/man/sssd-simple.5.xml
</a>
</li>
<li class="file-stats">
<a href="#626322c16d5b424d9999f3fa7a267744cb65d4a5">
src/man/sssd.conf.5.xml
</a>
</li>
<li class="file-stats">
<a href="#1397c97561904cbc9e5bcca697e9ce3cef1ed2bf">
src/monitor/monitor.c
</a>
</li>
<li class="file-stats">
<a href="#a4c49f8ad101c6d724f7aaf9e887fc7c106b42a3">
src/monitor/monitor_bootstrap.c
</a>
</li>
<li class="file-stats">
<a href="#36b26b6e69b46056018375fc32344a38830f831a">
<span class="deleted-file">
−
src/monitor/nscd.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#6ab20b02df813e328ed7b95629460efc5d4dbe0b">
src/oidc_child/oidc_child.c
</a>
</li>
<li class="file-stats">
<a href="#4991418753e1ee50e03dfe7f8d5f52bcdef2e4aa">
src/oidc_child/oidc_child_curl.c
</a>
</li>
<li class="file-stats">
<a href="#183c77d882e10449fd1c5d1f24244ae27228541c">
<span class="new-file">
+
src/oidc_child/oidc_child_id.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#099a7b44a095ab78a9fdc1c324adacde9f4d7894">
src/oidc_child/oidc_child_json.c
</a>
</li>
<li class="file-stats">
<a href="#ef5a602d38640d383528a5936a26e57b01ab0bf1">
src/oidc_child/oidc_child_util.h
</a>
</li>
<li class="file-stats">
<a href="#18fbf36328b2b02c1049457bc9f48620252bdfc4">
src/p11_child/p11_child.h
</a>
</li>
<li class="file-stats">
<a href="#528db958897fe0a80822662fde8df19331c57d26">
src/p11_child/p11_child_common.c
</a>
</li>
<li class="file-stats">
<a href="#dd3bd903b743c7cf118465a4b7373b06f652690c">
src/p11_child/p11_child_openssl.c
</a>
</li>
<li class="file-stats">
<a href="#1974b4ecfa7278a6a48be266d1da9cf3664628b9">
src/passkey_child/passkey_child_common.c
</a>
</li>
<li class="file-stats">
<a href="#c77e1b74ff214c15682f3a3c79525c5c708e29b5">
src/providers/ad/ad_common.c
</a>
</li>
<li class="file-stats">
<a href="#0443b792d6a313cef630a4edef240cfe2f86a091">
src/providers/ad/ad_common.h
</a>
</li>
<li class="file-stats">
<a href="#731b1b746b539fdd171ef2b8a8820210fe522d2b">
src/providers/ad/ad_gpo_child.c
</a>
</li>
<li class="file-stats">
<a href="#09738da4c56b67cab256ed8fb1ff8dac0fe1a4d5">
src/providers/ad/ad_machine_pw_renewal.c
</a>
</li>
<li class="file-stats">
<a href="#980671763f2ac5f9c3efa481530e86082a2d995b">
src/providers/ad/ad_opts.c
</a>
</li>
<li class="file-stats">
<a href="#b776212f5dad9690254fbd6710fc976e2f97fe3a">
src/providers/ad/ad_subdomains.c
</a>
</li>
<li class="file-stats">
<a href="#c413c5cbb722aa711df3a7e912db6c6076e8d79a">
src/providers/backend.h
</a>
</li>
<li class="file-stats">
<a href="#447b78c5d3803eb98437f4c550d733c71195eaa6">
src/providers/be_dyndns.c
</a>
</li>
<li class="file-stats">
<a href="#58523e132aaa947421fda7c34e3ba57ab4dda96f">
src/providers/data_provider.h
</a>
</li>
<li class="file-stats">
<a href="#4fa0ed52495b128b3e0f482baf6c500e06b1ee39">
src/providers/data_provider/dp.h
</a>
</li>
<li class="file-stats">
<a href="#ebf5f2fcaf0f7f27a305e0be0dbc8af488493090">
src/providers/data_provider/dp_resp_client.c
</a>
</li>
<li class="file-stats">
<a href="#0c5cfeb3e0cd301834eb2043d9b1169a5d5dc419">
src/providers/data_provider/dp_targets.c
</a>
</li>
<li class="file-stats">
<a href="#0c8340b7266c85f01dc29db116715e7189956f21">
src/providers/data_provider_be.c
</a>
</li>
<li class="file-stats">
<a href="#de7ec240dcca8eca58faa993666dabcda7d12842">
src/providers/data_provider_fo.c
</a>
</li>
<li class="file-stats">
<a href="#d9a483d0ffdfbdf6547d66b7f771b58ca8ff4b54">
src/providers/fail_over.c
</a>
</li>
<li class="file-stats">
<a href="#7723a6ffa9d81b60cc7cb3b14be3b1b0319b6384">
src/providers/fail_over.h
</a>
</li>
<li class="file-stats">
<a href="#8c6ced4846883dbad22a54a735d94b4f75bb19e0">
src/providers/fail_over_srv.c
</a>
</li>
<li class="file-stats">
<a href="#6b7d9538a2b257f4e70e564bfda7bd002a67cbb1">
<span class="deleted-file">
−
src/providers/files/files_certmap.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#7fd2adb61b1194e5beeba5c10856e1b486765d59">
<span class="deleted-file">
−
src/providers/files/files_id.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#d3dac9b8cc2f9464cf1c604a4c28263609629bd6">
<span class="deleted-file">
−
src/providers/files/files_init.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#901f9e7e5a622a6da5be4adb2e6a31ef1c7ded59">
<span class="deleted-file">
−
src/providers/files/files_ops.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#61f6313e0615845ea5f139f6e205449750748291">
<span class="deleted-file">
−
src/providers/files/files_private.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#1df4422a5dc3cbe8e4e210688b710a84d92b5cfa">
<span class="new-file">
+
src/providers/idp/idp_auth.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#6e2e485d5469ab6e22af212b800440073455b298">
<span class="new-file">
+
src/providers/idp/idp_auth.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#738e9d1d4aae8a447f90024433b84364c22b6b9a">
<span class="new-file">
+
src/providers/idp/idp_auth_eval.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#56a1883bb33c070bb914bcfaffadc454a48e94ef">
<span class="new-file">
+
src/providers/idp/idp_common.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#80325d68e8f2a9f71e33f2bb6edc335b4a940e0e">
<span class="new-file">
+
src/providers/idp/idp_id.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#d571966c041bfb6279c62f3a7d51dfb5389e3698">
<span class="new-file">
+
src/providers/idp/idp_id.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#56bcdeb4ef06422684cf1039317592441e55d096">
<span class="new-file">
+
src/providers/idp/idp_id_eval.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#5b5fe501bb22867c14acb0c56e60112abef3ad9d">
<span class="new-file">
+
src/providers/idp/idp_init.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#2386cb51fc9e575bc59db9c773ecfd60081fafd5">
src/providers/files/files_auth.c
→
src/providers/idp/idp_online_check.c
</a>
</li>
<li class="file-stats">
<a href="#e48af9954838df68fcc4c92f52874c9b30824fcc">
<span class="new-file">
+
src/providers/idp/idp_opts.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#983455d74ca6b3418a36c1deb33d1959e05d29b4">
<span class="new-file">
+
src/providers/idp/idp_opts.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#ce0e742f7a44e7104b9eb1398eaf5d556c8b94aa">
<span class="new-file">
+
src/providers/idp/idp_private.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#a5ddecdf17cd6adeffe7c2135ee59f51f585fcac">
<span class="new-file">
+
src/providers/idp/oidc_child_handler.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#f0dfc4e8edb3c48b1634d30c72f0e706e21cbd98">
src/providers/ipa/ipa_auth.c
</a>
</li>
<li class="file-stats">
<a href="#b0bd846f4f6cdf5cd4e8291c307a6d23a1232f56">
src/providers/ipa/ipa_common.c
</a>
</li>
<li class="file-stats">
<a href="#cb53adb49292e4c28625d48682b7dec6f1679b90">
src/providers/ipa/ipa_common.h
</a>
</li>
<li class="file-stats">
<a href="#a0fa470c66c0c8105503d581f1f7fc779deda353">
src/providers/ipa/ipa_config.c
</a>
</li>
<li class="file-stats">
<a href="#bf1e9708ed6620d6545c51f85170b70ef672d967">
src/providers/ipa/ipa_id.c
</a>
</li>
<li class="file-stats">
<a href="#0921b7012565df62a51dfe82c5315bceed969a63">
src/providers/ipa/ipa_id.h
</a>
</li>
<li class="file-stats">
<a href="#3df14dea467e2d73553329242c3e91678e620836">
src/providers/ipa/ipa_init.c
</a>
</li>
<li class="file-stats">
<a href="#8b131ba0d1451cd1a5e3c7511c96f777092226e6">
src/providers/ipa/ipa_opts.c
</a>
</li>
<li class="file-stats">
<a href="#877462785ba3a1495e5913e085e1d37e703c42ab">
src/providers/ipa/ipa_s2n_exop.c
</a>
</li>
<li class="file-stats">
<a href="#e4d60520e1a7f75084402f4abd5717f8949e23b6">
src/providers/ipa/ipa_selinux.c
</a>
</li>
<li class="file-stats">
<a href="#92ce5835f3e741a77d16076e28771994fd67c1b0">
src/providers/ipa/ipa_subdomains.c
</a>
</li>
<li class="file-stats">
<a href="#9756be57d97e167bc3ee0dd45d55471022f76dca">
src/providers/ipa/ipa_subdomains.h
</a>
</li>
<li class="file-stats">
<a href="#646ac89e75249d0ddc689e30943e276204e5ef22">
src/providers/ipa/ipa_subdomains_ext_groups.c
</a>
</li>
<li class="file-stats">
<a href="#c85ae2a4e061a15f171c9f5c8f1c86cd4e8ad5ab">
src/providers/ipa/ipa_subdomains_id.c
</a>
</li>
<li class="file-stats">
<a href="#0a7fbd261bca50ed20f2acf3d3a6de649fb6a1aa">
src/providers/ipa/ipa_subdomains_passkey.c
</a>
</li>
<li class="file-stats">
<a href="#44d4ff1595eb58a0a4e9a12f3b4dc1b171a505ae">
src/providers/ipa/ipa_subdomains_server.c
</a>
</li>
<li class="file-stats">
<a href="#847449dcf3a06f51111e53168dabaf3ff8507338">
src/providers/ipa/ipa_views.c
</a>
</li>
<li class="file-stats">
<a href="#110a3b8b26d5be372d6f0257270e701d0d95455f">
src/providers/ipa/selinux_child.c
</a>
</li>
<li class="file-stats">
<a href="#22b707ea44a5a6fceea501064f4f24ae956ec67b">
src/providers/krb5/krb5_auth.c
</a>
</li>
<li class="file-stats">
<a href="#430c660511b41fd57eb9449306b57a6cdb16f7ec">
src/providers/krb5/krb5_child.c
</a>
</li>
<li class="file-stats">
<a href="#f61b0bf9f99c3c66b199277113839f6887724f82">
src/providers/krb5/krb5_child_handler.c
</a>
</li>
<li class="file-stats">
<a href="#f638050534826085d59239f40e5b7bbf24da096b">
src/monitor/become_user.c
→
src/providers/krb5/krb5_child_share.c
</a>
</li>
<li class="file-stats">
<a href="#ad2589cd23cc049d3daa7fcc13f39301d2df9907">
src/providers/krb5/krb5_delayed_online_authentication.c
</a>
</li>
<li class="file-stats">
<a href="#a33a8f41be45e804e087016924c13f61392b1051">
src/providers/krb5/krb5_utils.h
</a>
</li>
<li class="file-stats">
<a href="#adf410ab7fa21f1dd9b5c5add7fc9dc3e8934a79">
src/providers/ldap/ldap_auth.c
</a>
</li>
<li class="file-stats">
<a href="#3265c0c77698fb3d80a0f91fb30cc76a2bb11d13">
src/providers/ldap/ldap_child.c
</a>
</li>
<li class="file-stats">
<a href="#029972393264ad914a89f7e246c61f86465f248f">
src/providers/ldap/ldap_opts.c
</a>
</li>
<li class="file-stats">
<a href="#a4eaa60a643bf66ea1508a712bc9bfba04575ebf">
src/providers/ldap/sdap.c
</a>
</li>
<li class="file-stats">
<a href="#a515b227fd0b9b56cb96257898c923760995c8d2">
src/providers/ldap/sdap.h
</a>
</li>
<li class="file-stats">
<a href="#3dca029957804f388b5586ecd15e2befa972dab0">
src/providers/ldap/sdap_async.c
</a>
</li>
<li class="file-stats">
<a href="#952f0470b16e09e7729688ffad77df5b2185a710">
src/providers/ldap/sdap_async_connection.c
</a>
</li>
<li class="file-stats">
<a href="#80c8acccba32c687a351047d5e6165317459f189">
src/python/pyhbac.c
</a>
</li>
<li class="file-stats">
<a href="#9ad65432b669748b7fbf6be27fc92b066b128101">
src/python/pysss.c
</a>
</li>
<li class="file-stats">
<a href="#14f14c40b9c2a33b3121e5f602a6dca38b1daff0">
src/python/pysss_murmur.c
</a>
</li>
<li class="file-stats">
<a href="#4f763ca243c6e924195255f38defb4d443bd205b">
src/python/pysss_nss_idmap.c
</a>
</li>
<li class="file-stats">
<a href="#870759f4a22b0caba6a5645943dd9342beb96d37">
src/util/sss_python.c
→
src/python/sss_python.c
</a>
</li>
<li class="file-stats">
<a href="#d831c0fd4563e1fe83adb0b2cd9020068c5ce7c8">
src/util/sss_python.h
→
src/python/sss_python.h
</a>
</li>
<li class="file-stats">
<a href="#b1cd2443c5cdc95f0703d1102d88c93518b057ea">
src/responder/common/cache_req/cache_req_domain.c
</a>
</li>
<li class="file-stats">
<a href="#7bfaa921c3fe7cce88126a8248c71eb5d0368c0f">
src/responder/common/cache_req/cache_req_search.c
</a>
</li>
<li class="file-stats">
<a href="#55330aced7f66bfd32094aa4dff021d293455c3c">
src/responder/common/cache_req/plugins/cache_req_group_by_filter.c
</a>
</li>
<li class="file-stats">
<a href="#65b626f4c48473367736bcc9c62ad312dd428dfd">
src/responder/common/cache_req/plugins/cache_req_group_by_name.c
</a>
</li>
<li class="file-stats">
<a href="#3ed5d166f54ce1368e068907694950b2279e7254">
src/responder/common/cache_req/plugins/cache_req_initgroups_by_name.c
</a>
</li>
<li class="file-stats">
<a href="#b7f96ef3e83f1d6b8d4b3e9e76f441c2b17b3967">
src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c
</a>
</li>
<li class="file-stats">
<a href="#c44e7208573a7a96493695af038cec1142a1254a">
src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c
</a>
</li>
<li class="file-stats">
<a href="#180d34f59882694f929c36dc91e8b4f55d62e8af">
src/responder/common/cache_req/plugins/cache_req_object_by_name.c
</a>
</li>
<li class="file-stats">
<a href="#fe9e94d0b66f048d0f145b097798f35c5eb2736d">
src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
</a>
</li>
<li class="file-stats">
<a href="#b98f95e4890cc8081354a8b0e1f0e04abe05ffb1">
src/responder/common/cache_req/plugins/cache_req_svc_by_port.c
</a>
</li>
<li class="file-stats">
<a href="#ab4ecb0b0abd1a85cc7460664602b6bd2064b483">
src/responder/common/cache_req/plugins/cache_req_user_by_filter.c
</a>
</li>
<li class="file-stats">
<a href="#04b7a45e516a335640545aa3925d264efce13baa">
src/responder/common/cache_req/plugins/cache_req_user_by_name.c
</a>
</li>
<li class="file-stats">
<a href="#01192d3ebb359fcb7656961b15bb0ff371fb2cf2">
src/responder/common/negcache.c
</a>
</li>
<li class="file-stats">
<a href="#5daa368d8cf2d2f1c0e7c3ef15d21cf84e269722">
src/responder/common/negcache.h
</a>
</li>
<li class="file-stats">
<a href="#bdd68c263ba93f9ceef9be5e8fc28fea8ff7d4a4">
<span class="deleted-file">
−
src/responder/common/negcache_files.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#56d50275e934bcf8babc59124c366520a104502e">
<span class="deleted-file">
−
src/responder/common/negcache_files.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#f5d641cbbd3e502c1ffe8fa053942525db322998">
src/responder/common/responder.h
</a>
</li>
<li class="file-stats">
<a href="#7819b0770a45e7a8fff9af3a04937e8d61726aa5">
src/responder/common/responder_common.c
</a>
</li>
<li class="file-stats">
<a href="#56bccc8ab2f0713c13dc461fb25ba3a1effc715b">
src/responder/common/responder_dp.c
</a>
</li>
<li class="file-stats">
<a href="#dbd990ad1c992c70239b6b6e4618c802d9ae68c9">
src/responder/common/responder_get_domains.c
</a>
</li>
<li class="file-stats">
<a href="#9bedbdb2b5cfa178dacfaef6835d0bd8d69aae17">
src/responder/common/responder_iface.c
</a>
</li>
<li class="file-stats">
<a href="#0766dbbe6cf8c2e441ea662a05eef7d6d5bbcb9f">
src/responder/common/responder_utils.c
</a>
</li>
<li class="file-stats">
<a href="#eb39db0428638e6c22d38215031a1330a9433e24">
src/responder/ifp/ifp_users.c
</a>
</li>
<li class="file-stats">
<a href="#4fb0d3f745d4240e375d7dde27b9f94fc4cc1a7e">
src/responder/ifp/org.freedesktop.sssd.infopipe.conf.in
</a>
</li>
<li class="file-stats">
<a href="#ce9fb8409c5cc83446dfade8054294c4d6567c50">
src/responder/kcm/kcmsrv_ccache.c
</a>
</li>
<li class="file-stats">
<a href="#325349343c624174197372a07d6ce46badee4339">
src/responder/kcm/secrets/secrets.c
</a>
</li>
<li class="file-stats">
<a href="#f1aa08c0de07982c95df474f7e42a8c935468022">
src/responder/nss/nss_get_object.c
</a>
</li>
<li class="file-stats">
<a href="#3061225a643a4374423be08101171365c4be0fb5">
src/responder/nss/nss_protocol_grent.c
</a>
</li>
<li class="file-stats">
<a href="#5f4f936319a08a4993c23a481179e5cdcb15c708">
src/responder/nss/nss_protocol_pwent.c
</a>
</li>
<li class="file-stats">
<a href="#996adc41dcca06b96179e99ed69a43f05db26a20">
src/responder/pam/pamsrv.c
</a>
</li>
<li class="file-stats">
<a href="#518b9ae773ac3e405c9bfc68e949c33aff4d144d">
src/responder/pam/pamsrv_cmd.c
</a>
</li>
<li class="file-stats">
<a href="#be92edb1dfc85b71ea7118d6a7107055e384dd2a">
src/responder/pam/pamsrv_gssapi.c
</a>
</li>
<li class="file-stats">
<a href="#43f517ac5eb4791e2adba7a58eee9c13e79ab681">
src/responder/pam/pamsrv_p11.c
</a>
</li>
<li class="file-stats">
<a href="#a1110a0c741e2dde98cae14e3cc43c0833adda37">
src/responder/pam/pamsrv_passkey.c
</a>
</li>
<li class="file-stats">
<a href="#912f1d68066c9351a6d0116248f507215b2ad954">
src/responder/ssh/ssh_cert_to_ssh_key.c
</a>
</li>
<li class="file-stats">
<a href="#8319fc1e23c3c0a297978915d384a7cb2ad9fd1f">
src/responder/ssh/ssh_cmd.c
</a>
</li>
<li class="file-stats">
<a href="#78424e61da881d8db29d0e1e2b36be6dd5526e89">
<span class="deleted-file">
−
src/responder/ssh/ssh_known_hosts.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#94659cb991f4d1619d290ee2122640184e6a22d9">
src/responder/ssh/ssh_private.h
</a>
</li>
<li class="file-stats">
<a href="#c732371a7f537895e9d08657006ff03815af7bc0">
src/responder/ssh/sshsrv.c
</a>
</li>
<li class="file-stats">
<a href="#dd873f19669d0630efe86dcfd14a4d7d3944c01a">
src/responder/sudo/sudosrv_dp.c
</a>
</li>
<li class="file-stats">
<a href="#a7cec0d702fbf4a7ef93de69eff82236ba23aa50">
src/sbus/sbus_errors.c
</a>
</li>
<li class="file-stats">
<a href="#febf2da3acb9f67c49c910a357cd41ef8b57d674">
<span class="new-file">
+
src/shared/cred.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#d7a290b5f41a40c4b030749d1676fca72422d817">
src/sss_client/common.c
</a>
</li>
<li class="file-stats">
<a href="#2b0ed8de9b40b5f47512ce44bd72b4e79122e60f">
src/sss_client/idmap/sss_nss_idmap.h
</a>
</li>
<li class="file-stats">
<a href="#4bb984c2558081b0ec8cfb55271d9bb4b0ded17d">
src/sss_client/nss_mc.h
</a>
</li>
<li class="file-stats">
<a href="#ad720a2283eca311d50c26afe882737dccd4d255">
src/sss_client/pam_sss.c
</a>
</li>
<li class="file-stats">
<a href="#1b730c98d63365dd36bbdc99293c4c187bea12dc">
src/sss_client/pam_sss_gss.c
</a>
</li>
<li class="file-stats">
<a href="#60a3f7b15a0fdba17635cc97eacf1e0f6cf1a788">
src/sss_client/ssh/sss_ssh_knownhosts.c
</a>
</li>
<li class="file-stats">
<a href="#ba3a79a098b89bfc9df3eca6c0710dc299c52efe">
src/sss_client/ssh/sss_ssh_knownhostsproxy.c
</a>
</li>
<li class="file-stats">
<a href="#d1e6a840bac6311e68c734760827990eabeb8a33">
src/sss_client/sss_cli.h
</a>
</li>
<li class="file-stats">
<a href="#d8827975e56abc2b886416caab63ade98f1c10dd">
src/sss_client/sss_pac_responder_client.c
</a>
</li>
<li class="file-stats">
<a href="#5fb75d0086b2c15afddd4f9d699b2cf970f020af">
src/sss_client/sss_pam_compat.h
</a>
</li>
<li class="file-stats">
<a href="#a8e6e23b4d54f5fde095da3cb9980b1285537f4f">
src/sysv/systemd/sssd-kcm.service.in
</a>
</li>
<li class="file-stats">
<a href="#68f4c9f0a3af28dc801c360a4fcd49ea5b320f64">
src/sysv/systemd/sssd.service.in
</a>
</li>
<li class="file-stats">
<a href="#94854514bffb360831e1d86963cde5200194e98c">
src/tests/cmocka/common_mock_resp.c
</a>
</li>
<li class="file-stats">
<a href="#edece70ea184642def32df4deb5ca46477d0ca63">
src/tests/cmocka/test_ad_common.c
</a>
</li>
<li class="file-stats">
<a href="#d22194ae5ea99c3980ec260b79414b21f0893d74">
src/tests/cmocka/test_domain_resolution_order.c
</a>
</li>
<li class="file-stats">
<a href="#70733650e4ebeedf37a2b373aea4a4a42052477f">
src/tests/cmocka/test_dyndns.c
</a>
</li>
<li class="file-stats">
<a href="#88ccc905e3251876e0ce1c354ccb660e01d622cd">
src/tests/cmocka/test_fqnames.c
</a>
</li>
<li class="file-stats">
<a href="#2a6fd402711a696e80feeffd8b251d5c17843d58">
src/tests/cmocka/test_iobuf.c
</a>
</li>
<li class="file-stats">
<a href="#d17ddbd5db4e69ac237e1f79652a3a3e04975162">
src/tests/cmocka/test_ipa_subdomains_server.c
</a>
</li>
<li class="file-stats">
<a href="#10da9a4193e07154e3a12bacaea65591d9685199">
src/tests/cmocka/test_negcache.c
</a>
</li>
<li class="file-stats">
<a href="#26353418b6e121dc0bd3d198a7f343d60d4e3542">
src/tests/cmocka/test_negcache_2.c
</a>
</li>
<li class="file-stats">
<a href="#519233af081a2fd7d3b8b1a5882feea26a0bbd5a">
src/tests/cmocka/test_nss_srv.c
</a>
</li>
<li class="file-stats">
<a href="#aee9525aec0d254979e18332b65cd4869f15944c">
src/tests/cmocka/test_responder_cache_req.c
</a>
</li>
<li class="file-stats">
<a href="#4825c13c00c62924e36616595bd07bd50037b726">
src/tests/cmocka/test_sss_idmap.c
</a>
</li>
<li class="file-stats">
<a href="#6af2ff50e0f435a8c8d7c3365faf3b5ec7dd423f">
<span class="deleted-file">
−
src/tests/cmocka/test_sss_sifp.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#9a7fa1b766f68d538345bc2c7ffb90591af7b956">
src/tests/cmocka/test_string_utils.c
</a>
</li>
<li class="file-stats">
<a href="#e90d95beced1889b2fd0e00ed66c9a0382f8522f">
src/tests/cmocka/test_sysdb_subdomains.c
</a>
</li>
<li class="file-stats">
<a href="#fa13a4ff7063dea78a41d3f2d323f6a11abca3be">
src/tests/cmocka/test_sysdb_ts_cache.c
</a>
</li>
<li class="file-stats">
<a href="#71fd27ee7de038f41b27860ab7108db6b9b741db">
src/tests/cwrap/Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#eba10c9d03b9dfc5e47853d79cf8674616f9fecb">
<span class="deleted-file">
−
src/tests/cwrap/test_become_user.c
</span>
</a>
</li>
<li class="file-stats">
<a href="#7e76685516361047558fbd6322ae6fc4562926af">
src/tests/dlopen-tests.c
</a>
</li>
<li class="file-stats">
<a href="#c86699bc4e1931938b7c3e8f79a746d166b77ed3">
src/tests/intg/Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#7d9f8d2f2bf18e90c37aaf947c01b74f88b35fa1">
src/tests/intg/ldap_ent.py
</a>
</li>
<li class="file-stats">
<a href="#5a34d65aa09f634b1241b5b482b47013fbe6638c">
<span class="new-file">
+
src/tests/intg/sssd_services.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#17e19a1f6fe8485063085eccc13ebc301b338406">
<span class="deleted-file">
−
src/tests/intg/test_files_provider.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#626fe740f51f3fe33d742a7cc66449055f2f35b7">
src/tests/intg/test_ldap.py
</a>
</li>
<li class="file-stats">
<a href="#7824a2f6a4d117766dde86990c220784d819f807">
src/tests/intg/test_pam_responder.py
</a>
</li>
<li class="file-stats">
<a href="#214af2bbb55792ee815669b154b056239baea1c8">
src/tests/intg/test_resolver.py
</a>
</li>
<li class="file-stats">
<a href="#cf70f8abf1e04828442975196bde15e41c0ecc1a">
<span class="deleted-file">
−
src/tests/intg/test_ssh_pubkey.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#fa844b1390f923281226a20ef33dbbeb84c88372">
src/tests/multihost/ad/pytest.ini
</a>
</li>
<li class="file-stats">
<a href="#0edbd752742d05bfda34388f7b49063af3c847c9">
src/tests/multihost/ad/test_access_control.py
</a>
</li>
<li class="file-stats">
<a href="#31e12825e4314f84159448e240607d7735c9c17e">
src/tests/multihost/ad/test_adparameters.py
</a>
</li>
<li class="file-stats">
<a href="#d2e58f5dd4c5bda49a64a13d34e6ebc580f77a09">
src/tests/multihost/admultidomain/pytest.ini
</a>
</li>
<li class="file-stats">
<a href="#5420b0561b0ffe300575f426fd93d598610b7487">
src/tests/multihost/adsites/pytest.ini
</a>
</li>
<li class="file-stats">
<a href="#21353363a4ffece9a936d0d87dbbe3d2a793aa66">
src/tests/multihost/alltests/pytest.ini
</a>
</li>
<li class="file-stats">
<a href="#37fe79cdda1aa4b159b618e127274c1013cdc221">
src/tests/multihost/alltests/test_misc.py
→
src/tests/multihost/alltests/test_all_misc.py
</a>
</li>
<li class="file-stats">
<a href="#81530c9a7249be349231f43f4c7dece02913fc0f">
src/tests/multihost/alltests/test_automount.py
</a>
</li>
<li class="file-stats">
<a href="#35ec17f2450ceef8bebef9c77ce332e2e5d0833e">
src/tests/multihost/alltests/test_config_merging.py
</a>
</li>
<li class="file-stats">
<a href="#9ce2ec065e08dc0d147b6007d6e4e36c399845d2">
<span class="deleted-file">
−
src/tests/multihost/alltests/test_misc_proxy.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#006316014faec5a3a6276568d45ab1802ac7f352">
src/tests/multihost/alltests/test_multidomain.py
</a>
</li>
<li class="file-stats">
<a href="#b8a251f41783024a892d489fd36c4d2c420cae26">
<span class="deleted-file">
−
src/tests/multihost/alltests/test_proxy_provider_krb_auth.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#3dc0d51f87d6bf70ec05693fbc9709d5466239a2">
<span class="deleted-file">
−
src/tests/multihost/alltests/test_proxy_rfc2307.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#fc7366c384d0822799ca7cea4e0494cac23354df">
<span class="deleted-file">
−
src/tests/multihost/alltests/test_proxy_rfc2307bis.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#f02e9e92bbb309e891e34e9f5169ee2158c2225c">
src/tests/multihost/alltests/test_services.py
</a>
</li>
<li class="file-stats">
<a href="#6e8b8e20e851bcdc034693e6004fd7eeda21b429">
<span class="deleted-file">
−
src/tests/multihost/alltests/test_sssctl_local.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#8dc7087931e2a0b69fcd49636ab9c02bf1aad8f1">
src/tests/multihost/ipa/pytest.ini
</a>
</li>
<li class="file-stats">
<a href="#b157e73fcd1877f330c824b4c17e72cd7b292014">
src/tests/multihost/sssd/testlib/common/qe_class.py
</a>
</li>
<li class="file-stats">
<a href="#3a14a712e9b4d3dc6fdeee7e7dd6e06c48143081">
src/tests/multihost/sssd/testlib/common/utils.py
</a>
</li>
<li class="file-stats">
<a href="#8bff5a4151cbdeb61119d4471d6b3f44e105e265">
src/tests/sysdb-tests.c
</a>
</li>
<li class="file-stats">
<a href="#fce2385a4b4009182151199012636876e0f8d9bb">
<span class="new-file">
+
src/tests/system/data/test_ipa/certificate
</span>
</a>
</li>
<li class="file-stats">
<a href="#c602313d34dbb43faae0f9614f8db56b0bda8b30">
src/tests/system/mhc.yaml
</a>
</li>
<li class="file-stats">
<a href="#9cc19873e93c3894bead13366703c12aba98a942">
src/tests/system/pytest.ini
</a>
</li>
<li class="file-stats">
<a href="#1c51d09946b9c6927245f1ea4d68e2b3d43b5b53">
src/tests/system/tests/readme.rst
</a>
</li>
<li class="file-stats">
<a href="#70f93eed386bab59272257d2085e0f6e0dcb24a9">
<span class="new-file">
+
src/tests/system/tests/test_access_control_ldap_filter.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#e41660196d51ccbe2c8c3c65170181fc0d9e2b0f">
<span class="new-file">
+
src/tests/system/tests/test_access_control_simple.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#4055e41fe83cdc55b35b70c0b04c7b79200b9f22">
src/tests/system/tests/test_ad.py
</a>
</li>
<li class="file-stats">
<a href="#5f64bacfb08be99f4698ade425dab3755d0ac914">
src/tests/system/tests/test_authentication.py
</a>
</li>
<li class="file-stats">
<a href="#92831a66c4ca2ea9918879c9751e2cfb56c76f54">
src/tests/system/tests/test_autofs.py
</a>
</li>
<li class="file-stats">
<a href="#f6a1fae210fbb4682b7e1af6bcea32afed3d25e3">
src/tests/system/tests/test_cache.py
</a>
</li>
<li class="file-stats">
<a href="#5e41c10984d4f396af5296c3e31f2a0d9d34e65b">
src/tests/system/tests/test_failover.py
</a>
</li>
<li class="file-stats">
<a href="#5966c000390b0080f2978a0f2e0dfa2ec5700f57">
<span class="new-file">
+
src/tests/system/tests/test_feature.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#5790ae0047cecb7fd44d4253456797cf312ba30f">
<span class="deleted-file">
−
src/tests/system/tests/test_files.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#de039fb47c3fe72466e62ecdf72b3698a970e13a">
<span class="new-file">
+
src/tests/system/tests/test_idp.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#6e5906a9641eab20a308bd1215c1fe4e7998f954">
src/tests/system/tests/test_infopipe.py
</a>
</li>
<li class="file-stats">
<a href="#12870276c1e39d1b07d1c70799d3455c98b542d0">
src/tests/system/tests/test_ipa.py
</a>
</li>
<li class="file-stats">
<a href="#6c58d7f661f40f2017026b7c2bdaa8acf5027f5c">
src/tests/system/tests/test_kcm.py
</a>
</li>
<li class="file-stats">
<a href="#d9478fcb0d4456a87e4f30464315f5fc4c04677d">
src/tests/system/tests/test_ldap.py
</a>
</li>
<li class="file-stats">
<a href="#815db17ac5bd955586ec749adad3924b6b74eee8">
src/tests/system/tests/test_memcache.py
</a>
</li>
<li class="file-stats">
<a href="#c25628ea1ca15461a3913ff462d9b70aee571c0a">
src/tests/system/tests/test_netgroups.py
</a>
</li>
<li class="file-stats">
<a href="#0d04098618d152925cfbbee1b4891a20db4e7e3a">
<span class="new-file">
+
src/tests/system/tests/test_oidc_child.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#6e96edd4fb188de824b188c6c9cd3e29be3cef29">
src/tests/system/tests/test_proxy.py
</a>
</li>
<li class="file-stats">
<a href="#039d2b061f5e4deaef10f8299bd86a0d4029e8f5">
src/tests/system/tests/test_schema.py
</a>
</li>
<li class="file-stats">
<a href="#aa04a56609bbb593015d4615b2f12847de64eb52">
<span class="new-file">
+
src/tests/system/tests/test_smartcard.py
</span>
</a>
</li>
<li class="file-stats">
<a href="#29be1ee579d84986667699a5f5d37113cb210838">
src/tests/system/tests/test_sss_override.py
</a>
</li>
<li class="file-stats">
<a href="#b9a400bd60a106942958dc0a02344e91e49d75fc">
src/tests/system/tests/test_sssctl.py
</a>
</li>
<li class="file-stats">
<a href="#1eff6cd38117e40b4675eb4c843b85a4f24b3b3b">
src/tests/util-tests.c
</a>
</li>
<li class="file-stats">
<a href="#1666d80b53e7602790034e477a5be805141d0281">
src/tools/sss_override.c
</a>
</li>
<li class="file-stats">
<a href="#42bce36f2f66adf2fda40bceac31bdfc0c423488">
src/tools/sssctl/sssctl_cache.c
</a>
</li>
<li class="file-stats">
<a href="#176075ab1b849ef07c34de7378919fe1d36c2ec1">
src/tools/tools_mc_util.c
</a>
</li>
<li class="file-stats">
<a href="#c7f237af5afe06844745471ec30e1bd3106507a4">
src/util/atomic_io.h
</a>
</li>
<li class="file-stats">
<a href="#da7d2ebfdd58c4f578f0da624ff3fc4a9083b2da">
src/util/authtok.c
</a>
</li>
<li class="file-stats">
<a href="#0fbd2dc1e505374ba766c44a82d4dfae24422000">
src/util/authtok.h
</a>
</li>
<li class="file-stats">
<a href="#cbfdbe240367aacb680c86a1ae14510845e5427c">
src/util/capabilities.c
</a>
</li>
<li class="file-stats">
<a href="#46e6e4e98d810251dad87208e3d119889fc42440">
src/util/cert/libcrypto/cert.c
</a>
</li>
<li class="file-stats">
<a href="#93ff1bac98127f659549389c1a2a436fd373e73f">
src/util/child_common.c
</a>
</li>
<li class="file-stats">
<a href="#3b46ae779b0a9bd9fc2420c7fbeca25a585fb9f3">
src/util/child_common.h
</a>
</li>
<li class="file-stats">
<a href="#99dccdd20780e18657d02e6140298a6793e96555">
src/util/crypto/libcrypto/crypto_sha512crypt.c
</a>
</li>
<li class="file-stats">
<a href="#e47cafa0eba1d8e82561d1d6a8f80edf30c2a16e">
src/util/debug.h
</a>
</li>
<li class="file-stats">
<a href="#77699e941a3358005f766e38d029a7d5b9a4d7c4">
src/util/domain_info_utils.c
</a>
</li>
<li class="file-stats">
<a href="#a15bb96cabacd53ceb6295aa93f5c19dc24385ab">
src/util/server.c
</a>
</li>
<li class="file-stats">
<a href="#925a989ade318787c331c43ab34625d66268fc9f">
src/util/sss_ini.c
</a>
</li>
<li class="file-stats">
<a href="#f6b1dc0085dd82de4c526ac6b54f454d89e6c411">
src/util/sss_ldap.c
</a>
</li>
<li class="file-stats">
<a href="#c88b5885cf2b71151faa4f985221654fe87cebe9">
src/util/sss_ldap.h
</a>
</li>
<li class="file-stats">
<a href="#bd971030d81bf485374b705c487dc063613cb095">
src/util/sss_log.c
</a>
</li>
<li class="file-stats">
<a href="#35044c41eeff1984e27a19dfb5a02671f1ae762b">
src/lib/sifp/sss_sifp_utils.c
→
src/util/sss_prctl.c
</a>
</li>
<li class="file-stats">
<a href="#d6210f86d5445e04323841655597dba009f94a03">
<span class="new-file">
+
src/util/sss_prctl.h
</span>
</a>
</li>
<li class="file-stats">
<a href="#efa90ad4461f34bf9b9812eb2f2d28d2c33d4c65">
src/util/sss_sockets.c
</a>
</li>
<li class="file-stats">
<a href="#08c1d63019f39d5f787332b9d12eecb7c4d74dce">
src/util/sss_tc_utf8.c
</a>
</li>
<li class="file-stats">
<a href="#f683735bbaedea263f7d6d4096eab30376f110d9">
src/util/string_utils.c
</a>
</li>
<li class="file-stats">
<a href="#be6cfd8bad0abb4112f475118c434d54ce45f5fd">
src/util/usertools.c
</a>
</li>
<li class="file-stats">
<a href="#dfaa328ba65cbcfe079945a9d0fcbf665047e568">
src/util/util.h
</a>
</li>
<li class="file-stats">
<a href="#2441a742b93419b93dc26cbb5b36271a5241bbe1">
src/util/util_creds.h
</a>
</li>
<li class="file-stats">
<a href="#fb14cf8ce632e04f35bcacb480a8a5659b41a27b">
src/util/util_errors.h
</a>
</li>
<li class="file-stats">
<a href="#836d4fe4ee2163d2f04919c9dd927c460d8d4ef6">
version.m4
</a>
</li>
</ul>
<h5 style="margin-top: 10px; margin-bottom: 10px; font-size: .875rem;">
The diff was not included because it is too large.
</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #626168;">
—
<br>
<a href="https://salsa.debian.org/sssd-team/sssd/-/compare/5d6c56b999f1a583bbecd5b71ee237a508fe71fc...9d4cb2e29aea28bd53aa36d6cd02c6700607a4de">View it on GitLab</a>.
<br>
You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>
<span style="color: transparent; font-size: 0; display: none; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0;">
Notification message regarding https://salsa.debian.org/sssd-team/sssd/-/compare/5d6c56b999f1a583bbecd5b71ee237a508fe71fc...9d4cb2e29aea28bd53aa36d6cd02c6700607a4de at 1762785346
</span>
</p>
</div>
</body>
</html>