diff --git a/.gitignore b/.gitignore
index 8927f97..f74e090 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/sssd-2.6.2.tar.gz
+SOURCES/sssd-2.7.3.tar.gz
diff --git a/.sssd.metadata b/.sssd.metadata
index b533b3d..6132eb6 100644
--- a/.sssd.metadata
+++ b/.sssd.metadata
@@ -1 +1 @@
-c520edf841399668ed81881850a6581bd293b371 SOURCES/sssd-2.6.2.tar.gz
+0e0df66226d7e0bfdff7315a0e5e08458c822c8d SOURCES/sssd-2.7.3.tar.gz
diff --git a/SOURCES/0001-Makefile-remove-unneeded-dependency.patch b/SOURCES/0001-Makefile-remove-unneeded-dependency.patch
new file mode 100644
index 0000000..271a5d8
--- /dev/null
+++ b/SOURCES/0001-Makefile-remove-unneeded-dependency.patch
@@ -0,0 +1,51 @@
+From 4e9e83210601043abab6098f2bda67ae6704fe3e Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Thu, 21 Jul 2022 20:16:32 +0200
+Subject: [PATCH] Makefile: remove unneeded dependency
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Justin Stephenson <jstephen@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit c6226c2986ffae9ed17562eb40407367ca37d23f)
+---
+ Makefile.am | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 669a0fc56..92d046888 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1766,12 +1766,10 @@ sssd_kcm_CFLAGS = \
+ $(KRB5_CFLAGS) \
+ $(UUID_CFLAGS) \
+ $(CURL_CFLAGS) \
+- $(JANSSON_CFLAGS) \
+ $(NULL)
+ sssd_kcm_LDADD = \
+ $(LIBADD_DL) \
+ $(KRB5_LIBS) \
+- $(JANSSON_LIBS) \
+ $(SSSD_LIBS) \
+ $(UUID_LIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+@@ -3792,7 +3790,6 @@ test_kcm_marshalling_CFLAGS = \
+ $(UUID_CFLAGS) \
+ $(NULL)
+ test_kcm_marshalling_LDADD = \
+- $(JANSSON_LIBS) \
+ $(UUID_LIBS) \
+ $(KRB5_LIBS) \
+ $(CMOCKA_LIBS) \
+@@ -3855,7 +3852,6 @@ test_kcm_renewals_LDFLAGS = \
+ test_kcm_renewals_LDADD = \
+ $(LIBADD_DL) \
+ $(UUID_LIBS) \
+- $(JANSSON_LIBS) \
+ $(KRB5_LIBS) \
+ $(CARES_LIBS) \
+ $(CMOCKA_LIBS) \
+--
+2.37.1
+
diff --git a/SOURCES/0001-ipa-fix-reply-socket-of-selinux_child.patch b/SOURCES/0001-ipa-fix-reply-socket-of-selinux_child.patch
deleted file mode 100644
index 068853a..0000000
--- a/SOURCES/0001-ipa-fix-reply-socket-of-selinux_child.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 5a2e0ebe83913e317f66478daeff35987c278e27 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 4 Jan 2022 10:11:49 +0100
-Subject: [PATCH] ipa: fix reply socket of selinux_child
-
-Commit c92d39a30fa0162d4efdfbe5883c8ea9911a2249 accidentally switched
-the reply socket of selinux_child from stdout to stderr while switching
-from exec_child to exec_child_ex. This patch returns the original
-behavior.
-
-Resolves: https://github.com/SSSD/sssd/issues/5939
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/providers/ipa/ipa_selinux.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
-index 6f885c0fd..2e0593dd7 100644
---- a/src/providers/ipa/ipa_selinux.c
-+++ b/src/providers/ipa/ipa_selinux.c
-@@ -714,7 +714,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
- if (pid == 0) { /* child */
- exec_child_ex(state, pipefd_to_child, pipefd_from_child,
- SELINUX_CHILD, SELINUX_CHILD_LOG_FILE, extra_args,
-- false, STDIN_FILENO, STDERR_FILENO);
-+ false, STDIN_FILENO, STDOUT_FILENO);
- DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
- ret, sss_strerror(ret));
- return ret;
---
-2.26.3
-
diff --git a/SOURCES/0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch b/SOURCES/0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
new file mode 100644
index 0000000..6caa8fc
--- /dev/null
+++ b/SOURCES/0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
@@ -0,0 +1,155 @@
+From 03142f8de42faf4f75465d24d3be9a49c2dd86f7 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 29 Jul 2022 14:57:20 +0200
+Subject: [PATCH] CLIENT:MC: store context mutex outside of context as it
+ should survive context destruction / re-initialization
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit 0f3a761ed9d654a61f8caed8eae3863c518b9911)
+---
+ src/sss_client/nss_mc.h | 4 ++--
+ src/sss_client/nss_mc_common.c | 10 ++++++++--
+ src/sss_client/nss_mc_group.c | 5 +++++
+ src/sss_client/nss_mc_initgr.c | 5 +++++
+ src/sss_client/nss_mc_passwd.c | 5 +++++
+ src/sss_client/nss_mc_sid.c | 5 +++++
+ 6 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h
+index b66e8f09f..de1496ccc 100644
+--- a/src/sss_client/nss_mc.h
++++ b/src/sss_client/nss_mc.h
+@@ -48,7 +48,7 @@ enum sss_mc_state {
+ struct sss_cli_mc_ctx {
+ enum sss_mc_state initialized;
+ #if HAVE_PTHREAD
+- pthread_mutex_t mutex;
++ pthread_mutex_t *mutex;
+ #endif
+ int fd;
+
+@@ -67,7 +67,7 @@ struct sss_cli_mc_ctx {
+ };
+
+ #if HAVE_PTHREAD
+-#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, PTHREAD_MUTEX_INITIALIZER, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
++#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
+ #else
+ #define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
+ #endif
+diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
+index c73a93a9a..f38a4a85a 100644
+--- a/src/sss_client/nss_mc_common.c
++++ b/src/sss_client/nss_mc_common.c
+@@ -58,14 +58,14 @@ do { \
+ static void sss_mt_lock(struct sss_cli_mc_ctx *ctx)
+ {
+ #if HAVE_PTHREAD
+- pthread_mutex_lock(&ctx->mutex);
++ pthread_mutex_lock(ctx->mutex);
+ #endif
+ }
+
+ static void sss_mt_unlock(struct sss_cli_mc_ctx *ctx)
+ {
+ #if HAVE_PTHREAD
+- pthread_mutex_unlock(&ctx->mutex);
++ pthread_mutex_unlock(ctx->mutex);
+ #endif
+ }
+
+@@ -131,6 +131,9 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
+ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx)
+ {
+ uint32_t active_threads = ctx->active_threads;
++#if HAVE_PTHREAD
++ pthread_mutex_t *mutex = ctx->mutex;
++#endif
+
+ if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) {
+ munmap(ctx->mmap_base, ctx->mmap_size);
+@@ -143,6 +146,9 @@ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx)
+
+ /* restore count of active threads */
+ ctx->active_threads = active_threads;
++#if HAVE_PTHREAD
++ ctx->mutex = mutex;
++#endif
+ }
+
+ static errno_t sss_nss_mc_init_ctx(const char *name,
+diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c
+index 2ea40c435..d4f2a82ab 100644
+--- a/src/sss_client/nss_mc_group.c
++++ b/src/sss_client/nss_mc_group.c
+@@ -29,7 +29,12 @@
+ #include "nss_mc.h"
+ #include "shared/safealign.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t gr_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx gr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&gr_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx gr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
+ struct group *result,
+diff --git a/src/sss_client/nss_mc_initgr.c b/src/sss_client/nss_mc_initgr.c
+index b05946263..bd7282935 100644
+--- a/src/sss_client/nss_mc_initgr.c
++++ b/src/sss_client/nss_mc_initgr.c
+@@ -32,7 +32,12 @@
+ #include "nss_mc.h"
+ #include "shared/safealign.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t initgr_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx initgr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&initgr_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx initgr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
+ long int *start, long int *size,
+diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c
+index 01c6801da..256d48444 100644
+--- a/src/sss_client/nss_mc_passwd.c
++++ b/src/sss_client/nss_mc_passwd.c
+@@ -28,7 +28,12 @@
+ #include <time.h>
+ #include "nss_mc.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t pw_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx pw_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&pw_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx pw_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
+ struct passwd *result,
+diff --git a/src/sss_client/nss_mc_sid.c b/src/sss_client/nss_mc_sid.c
+index af7d7bbd5..52e684da5 100644
+--- a/src/sss_client/nss_mc_sid.c
++++ b/src/sss_client/nss_mc_sid.c
+@@ -30,7 +30,12 @@
+ #include "util/mmap_cache.h"
+ #include "idmap/sss_nss_idmap.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t sid_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx sid_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&sid_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx sid_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t mc_get_sid_by_typed_id(uint32_t id, enum sss_id_type object_type,
+ char **sid, uint32_t *type,
+--
+2.37.1
+
diff --git a/SOURCES/0002-ad-add-required-cn-attribute-to-subdomain-object.patch b/SOURCES/0002-ad-add-required-cn-attribute-to-subdomain-object.patch
deleted file mode 100644
index 2ff9888..0000000
--- a/SOURCES/0002-ad-add-required-cn-attribute-to-subdomain-object.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From bf6059eb55c8caa3111ef718db1676c96a67c084 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 16 Dec 2021 11:14:18 +0100
-Subject: [PATCH] ad: add required 'cn' attribute to subdomain object
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If the forest root is not part of the return trusted domain objects
-from the local domain controller we generate an object for further
-processing. During this processing it is expected that the 'cn'
-attribute is set and contains the name of the forest root. So far this
-attribute was missing and it is now added by this patch.
-
-Resolves: https://github.com/SSSD/sssd/issues/5926
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_subdomains.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index 0353de76f..0c3f8ac31 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -1646,6 +1646,13 @@ static void ad_check_root_domain_done(struct tevent_req *subreq)
- goto done;
- }
-
-+ ret = sysdb_attrs_add_string(state->reply[0], AD_AT_DOMAIN_NAME,
-+ state->forest);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
-+ goto done;
-+ }
-+
- err = sss_idmap_sid_to_bin_sid(state->idmap_ctx->map, id,
- &id_val.data, &id_val.length);
- if (err != IDMAP_SUCCESS) {
---
-2.26.3
-
diff --git a/SOURCES/0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch b/SOURCES/0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
new file mode 100644
index 0000000..965ceaa
--- /dev/null
+++ b/SOURCES/0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
@@ -0,0 +1,36 @@
+From 49eb871847a94311bbd2190a315230e4bae1ea2c Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Mon, 1 Aug 2022 09:54:51 -0400
+Subject: [PATCH] CACHE_REQ: Fix hybrid lookup log spamming
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Skip calling cache_req_data_set_hybrid_lookup() when hybrid data
+is NULL for certain NSS request types (e.g. Service by Name).
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+(cherry picked from commit 96a1dce8096d45e986ab01aaac11d8c77c36d1d7)
+---
+ src/responder/nss/nss_get_object.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
+index 9762d6bfe..5a2e7e9bd 100644
+--- a/src/responder/nss/nss_get_object.c
++++ b/src/responder/nss/nss_get_object.c
+@@ -171,7 +171,9 @@ hybrid_domain_retry_data(TALLOC_CTX *mem_ctx,
+ input_name);
+ }
+
+- cache_req_data_set_hybrid_lookup(hybrid_data, true);
++ if (hybrid_data != NULL) {
++ cache_req_data_set_hybrid_lookup(hybrid_data, true);
++ }
+
+ return hybrid_data;
+ }
+--
+2.37.1
+
diff --git a/SOURCES/0003-krb5-AD-and-IPA-don-t-change-Kerberos-port.patch b/SOURCES/0003-krb5-AD-and-IPA-don-t-change-Kerberos-port.patch
deleted file mode 100644
index 07f55b0..0000000
--- a/SOURCES/0003-krb5-AD-and-IPA-don-t-change-Kerberos-port.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From ca8cef0fc2f6066811105f4c201070cda38c4064 Mon Sep 17 00:00:00 2001
-From: Iker Pedrosa <ipedrosa@redhat.com>
-Date: Thu, 13 Jan 2022 11:28:30 +0100
-Subject: [PATCH] krb5: AD and IPA don't change Kerberos port
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-AD and IPA providers use a common fo_server object for LDAP and
-Kerberos, which is created with the LDAP data. This means that due to
-the changes introduced in
-https://github.com/SSSD/sssd/commit/1e747fad4539ffb402010e73f78469fe57af408f
-the port in use for the Kerberos requests would be the one specified for
-LDAP, usually the default one (389).
-
-In order to avoid that, AD and IPA providers shouldn't change the
-Kerberos port with the one provided for LDAP.
-
-:fixes: A critical regression that prevented authentication of users via
-AD and IPA providers was fixed. LDAP port was reused for Kerberos
-communication and this provider would send incomprehensible information
-to this port.
-
-Resolves: https://github.com/SSSD/sssd/issues/5947
-
-Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_common.c | 1 +
- src/providers/ipa/ipa_common.c | 1 +
- src/providers/krb5/krb5_common.c | 34 +++++++++++++++++++-------------
- src/providers/krb5/krb5_common.h | 1 +
- 4 files changed, 23 insertions(+), 14 deletions(-)
-
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index e263444c5..1ca5f8e3a 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -1087,6 +1087,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
- if (service->krb5_service->write_kdcinfo) {
- ret = write_krb5info_file_from_fo_server(service->krb5_service,
- server,
-+ true,
- SSS_KRB5KDC_FO_SRV,
- ad_krb5info_file_filter);
- if (ret != EOK) {
-diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
-index 1509cb1ce..e6c1f9aa4 100644
---- a/src/providers/ipa/ipa_common.c
-+++ b/src/providers/ipa/ipa_common.c
-@@ -925,6 +925,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
- if (service->krb5_service->write_kdcinfo) {
- ret = write_krb5info_file_from_fo_server(service->krb5_service,
- server,
-+ true,
- SSS_KRB5KDC_FO_SRV,
- NULL);
- if (ret != EOK) {
-diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
-index 719ce6a12..5ffa20809 100644
---- a/src/providers/krb5/krb5_common.c
-+++ b/src/providers/krb5/krb5_common.c
-@@ -690,6 +690,7 @@ static const char* fo_server_address_or_name(TALLOC_CTX *tmp_ctx, struct fo_serv
-
- errno_t write_krb5info_file_from_fo_server(struct krb5_service *krb5_service,
- struct fo_server *server,
-+ bool force_default_port,
- const char *service,
- bool (*filter)(struct fo_server *))
- {
-@@ -731,13 +732,15 @@ errno_t write_krb5info_file_from_fo_server(struct krb5_service *krb5_service,
- if (filter == NULL || filter(server) == false) {
- address = fo_server_address_or_name(tmp_ctx, server);
- if (address) {
-- port = fo_get_server_port(server);
-- if (port != 0) {
-- address = talloc_asprintf(tmp_ctx, "%s:%d", address, port);
-- if (address == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
-- talloc_free(tmp_ctx);
-- return ENOMEM;
-+ if (!force_default_port) {
-+ port = fo_get_server_port(server);
-+ if (port != 0) {
-+ address = talloc_asprintf(tmp_ctx, "%s:%d", address, port);
-+ if (address == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
-+ talloc_free(tmp_ctx);
-+ return ENOMEM;
-+ }
- }
- }
-
-@@ -775,13 +778,15 @@ errno_t write_krb5info_file_from_fo_server(struct krb5_service *krb5_service,
- continue;
- }
-
-- port = fo_get_server_port(item);
-- if (port != 0) {
-- address = talloc_asprintf(tmp_ctx, "%s:%d", address, port);
-- if (address == NULL) {
-- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
-- talloc_free(tmp_ctx);
-- return ENOMEM;
-+ if (!force_default_port) {
-+ port = fo_get_server_port(item);
-+ if (port != 0) {
-+ address = talloc_asprintf(tmp_ctx, "%s:%d", address, port);
-+ if (address == NULL) {
-+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
-+ talloc_free(tmp_ctx);
-+ return ENOMEM;
-+ }
- }
- }
-
-@@ -821,6 +826,7 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
- if (krb5_service->write_kdcinfo) {
- ret = write_krb5info_file_from_fo_server(krb5_service,
- server,
-+ false,
- krb5_service->name,
- NULL);
- if (ret != EOK) {
-diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
-index 151f446d1..2fd39a751 100644
---- a/src/providers/krb5/krb5_common.h
-+++ b/src/providers/krb5/krb5_common.h
-@@ -174,6 +174,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,
-
- errno_t write_krb5info_file_from_fo_server(struct krb5_service *krb5_service,
- struct fo_server *server,
-+ bool force_default_port,
- const char *service,
- bool (*filter)(struct fo_server *));
-
---
-2.26.3
-
diff --git a/SOURCES/0004-Analyzer-Fix-escaping-raw-fstring.patch b/SOURCES/0004-Analyzer-Fix-escaping-raw-fstring.patch
new file mode 100644
index 0000000..7f87ccc
--- /dev/null
+++ b/SOURCES/0004-Analyzer-Fix-escaping-raw-fstring.patch
@@ -0,0 +1,30 @@
+From f90205831c44cc2849c7221e5117b6af808411c3 Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Thu, 14 Jul 2022 11:21:04 -0400
+Subject: [PATCH] Analyzer: Fix escaping raw fstring
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
+(cherry picked from commit 3d8622031b5240e215201aae1f9c9d05624cca19)
+---
+ src/tools/analyzer/modules/request.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
+index b8dd9b25c..935e13adc 100644
+--- a/src/tools/analyzer/modules/request.py
++++ b/src/tools/analyzer/modules/request.py
+@@ -243,8 +243,8 @@ class RequestAnalyzer:
+ be_results = False
+ component = source.Component.NSS
+ resp = "nss"
+- pattern = [rf'REQ_TRACE.*\[CID #{cid}\\]']
+- pattern.append(rf"\[CID#{cid}\\]")
++ pattern = [rf'REQ_TRACE.*\[CID #{cid}\]']
++ pattern.append(rf"\[CID#{cid}\]")
+
+ if args.pam:
+ component = source.Component.PAM
+--
+2.37.1
+
diff --git a/SOURCES/0004-po-update-translations.patch b/SOURCES/0004-po-update-translations.patch
deleted file mode 100644
index 0433c32..0000000
--- a/SOURCES/0004-po-update-translations.patch
+++ /dev/null
@@ -1,1249 +0,0 @@
-From e7069c53235d11e2a8f2b58f2781d303bdbe13b3 Mon Sep 17 00:00:00 2001
-From: Weblate <noreply@weblate.org>
-Date: Wed, 5 Jan 2022 13:23:20 +0100
-Subject: [PATCH] po: update translations
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
-
-po: update translations
-
-(Japanese) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
-
-po: update translations
-
-(French) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
-
-po: update translations
-
-(Finnish) currently translated at 3.5% (93 of 2627 strings)
-Translation: SSSD/sssd-manpage
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/fi/
-
-po: update translations
-
-(Swedish) currently translated at 100.0% (2627 of 2627 strings)
-Translation: SSSD/sssd-manpage
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/sv/
-
-po: update translations
-
-(Swedish) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
-
-po: update translations
-
-(Korean) currently translated at 14.4% (379 of 2615 strings)
-Translation: SSSD/sssd-manpage
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
-
-po: update translations
-
-(Korean) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
-
-po: update translations
-
-(Ukrainian) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
-
-po: update translations
-
-(Polish) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
-
-Update translation files
-
-Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.
-
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/
-
-po: update translations
-
-(Korean) currently translated at 14.4% (379 of 2615 strings)
-Translation: SSSD/sssd-manpage
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/ko/
-
-po: update translations
-
-(Korean) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
-
-po: update translations
-
-(Korean) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
-
-po: update translations
-
-(Korean) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ko/
-
-po: update translations
-
-(Finnish) currently translated at 6.1% (38 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
-
-po: update translations
-
-(Finnish) currently translated at 6.1% (38 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fi/
-
-po: update translations
-
-(Chinese (Traditional) (zh_TW)) currently translated at 7.9% (49 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_TW/
-
-po: update translations
-
-(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
-
-po: update translations
-
-(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
-
-po: update translations
-
-(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
-
-po: update translations
-
-(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
-
-po: update translations
-
-(Ukrainian) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
-
-po: update translations
-
-(Ukrainian) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/uk/
-
-po: update translations
-
-(Turkish) currently translated at 15.1% (94 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
-
-po: update translations
-
-(Turkish) currently translated at 15.1% (94 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tr/
-
-po: update translations
-
-(Tajik) currently translated at 0.9% (6 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/tg/
-
-po: update translations
-
-(Swedish) currently translated at 99.0% (613 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
-
-po: update translations
-
-(Swedish) currently translated at 99.0% (613 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/sv/
-
-po: update translations
-
-(Russian) currently translated at 99.0% (613 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
-
-po: update translations
-
-(Russian) currently translated at 99.0% (613 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
-
-po: update translations
-
-(Russian) currently translated at 99.0% (613 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ru/
-
-po: update translations
-
-(Portuguese (Brazil)) currently translated at 0.8% (5 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pt_BR/
-
-po: update translations
-
-(Portuguese) currently translated at 15.6% (97 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pt/
-
-po: update translations
-
-(Polish) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
-
-po: update translations
-
-(Polish) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/pl/
-
-po: update translations
-
-(Dutch) currently translated at 47.6% (295 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/nl/
-
-po: update translations
-
-(Norwegian Bokmål) currently translated at 2.2% (14 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/nb_NO/
-
-po: update translations
-
-(Japanese) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
-
-po: update translations
-
-(Japanese) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
-
-po: update translations
-
-(Japanese) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ja/
-
-po: update translations
-
-(Italian) currently translated at 19.0% (118 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/
-
-po: update translations
-
-(Italian) currently translated at 19.0% (118 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/it/
-
-po: update translations
-
-(Indonesian) currently translated at 8.7% (54 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/id/
-
-po: update translations
-
-(Hungarian) currently translated at 7.1% (44 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/hu/
-
-po: update translations
-
-(French) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
-
-po: update translations
-
-(French) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
-
-po: update translations
-
-(French) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
-
-po: update translations
-
-(French) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/fr/
-
-po: update translations
-
-(Basque) currently translated at 6.7% (42 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/eu/
-
-po: update translations
-
-(Spanish) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
-
-po: update translations
-
-(Spanish) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/es/
-
-po: update translations
-
-(German) currently translated at 51.5% (319 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/
-
-po: update translations
-
-(German) currently translated at 51.5% (319 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/de/
-
-po: update translations
-
-(Czech) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
-
-po: update translations
-
-(Czech) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
-
-po: update translations
-
-(Czech) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/cs/
-
-po: update translations
-
-(Catalan) currently translated at 55.7% (345 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/ca/
-
-po: update translations
-
-(Bulgarian) currently translated at 15.1% (94 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/bg/
-
-po: update translations
-
-(Ukrainian) currently translated at 100.0% (2627 of 2627 strings)
-Translation: SSSD/sssd-manpage
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-manpage-master/uk/
-
-po: update translations
-
-(Chinese (Simplified) (zh_CN)) currently translated at 100.0% (619 of 619 strings)
-Translation: SSSD/sssd
-Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-master/zh_CN/
----
- po/cs.po | 6 +++
- po/es.po | 6 +++
- po/fr.po | 19 +++++---
- po/ja.po | 18 +++++---
- po/ko.po | 15 +++---
- po/pl.po | 17 ++++---
- po/sv.po | 21 ++++-----
- po/uk.po | 16 +++++--
- po/zh_CN.po | 25 +++++-----
- src/man/po/fi.po | 10 ++--
- src/man/po/sv.po | 117 +++++++++++++++++------------------------------
- src/man/po/uk.po | 21 +++++----
- 13 files changed, 161 insertions(+), 152 deletions(-)
-
-diff --git a/po/cs.po b/po/cs.po
-index 3a707d70c..abc1f36cc 100644
---- a/po/cs.po
-+++ b/po/cs.po
-@@ -2935,6 +2935,12 @@ msgstr "Informuje, že odpovídač byl aktivován přes dbus"
- #~ "Je doporučeno použít volbu --logdir vůči identifikátoru tevent řetězce "
- #~ "podporovaným záznamům událostí v SSSD.\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr ""
-+#~ "POZN.: chybí podpora pro identifikátor tevent řetězce, analýza požadavku "
-+#~ "bude jen základní.\n"
-+
- #~ msgid "Timeout for messages sent over the SBUS"
- #~ msgstr "Časový limit pro zprávy posílané přes SBUS"
-
-diff --git a/po/es.po b/po/es.po
-index dfa4f12f2..2a05620bd 100644
---- a/po/es.po
-+++ b/po/es.po
-@@ -2997,6 +2997,12 @@ msgstr "Informa que el contestador ha sido dbus-activated"
- #~ "Se recomienda usar la opción --logdir contra la ID de la cadena de "
- #~ "eventos soportada por los registros SSSD.\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr ""
-+#~ "AVISO: Falta el soporte de identificación de la cadena de eventos, el "
-+#~ "análisis de solicitudes será limitado.\n"
-+
- #~ msgid "Timeout for messages sent over the SBUS"
- #~ msgstr "Tiempo máximo para los mensajes enviados a través de SBUS"
-
-diff --git a/po/fr.po b/po/fr.po
-index 2687f3c1a..b5c2e531c 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -8,7 +8,7 @@
- # Fabien Archambault <marbolangos@gmail.com>, 2012
- # Mariko Vincent <dweu60@gmail.com>, 2012
- # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
--# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021.
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021, 2022.
- # Pavel Brezina <pbrezina@redhat.com>, 2020. #zanata
- # Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>, 2020.
- # Sundeep Anand <suanand@redhat.com>, 2021.
-@@ -17,7 +17,7 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-12-22 07:16+0000\n"
-+"PO-Revision-Date: 2022-01-05 12:23+0000\n"
- "Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
- "Language-Team: French <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-master/fr/>\n"
-@@ -26,7 +26,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=2; plural=n > 1;\n"
--"X-Generator: Weblate 4.10\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -2085,7 +2085,7 @@ msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
-
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
--msgstr ""
-+msgstr "ID de chaîne Tevent utilisé à des fins de journalisation"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2762,11 +2762,10 @@ msgid "Specify debug level you want to set"
- msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
-
- #: src/tools/sssctl/sssctl_logs.c:398
--#, fuzzy
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
- msgstr ""
--"REMARQUE : Prise en charge de l’ID de chaîne Tevent manquante, l’analyse des "
--"demandes sera limitée.\n"
-+"ERREUR : Prise en charge de l’ID de chaîne Tevent manquante, l’analyseur de "
-+"journal n’est pas pris en charge.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-@@ -3011,6 +3010,12 @@ msgstr "Informe que le répondeur a été activé par un dbus"
- #~ "Il est recommandé d’utiliser l’option --logdir pour les journaux SSSD "
- #~ "pris en charge par l’ID de chaîne Tevent.\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr ""
-+#~ "REMARQUE : Prise en charge de l’ID de chaîne Tevent manquante, l’analyse "
-+#~ "des demandes sera limitée.\n"
-+
- #~ msgid "Running under %"
- #~ msgstr "En cours d’exécution sous %"
-
-diff --git a/po/ja.po b/po/ja.po
-index 3156fe5a7..699980621 100644
---- a/po/ja.po
-+++ b/po/ja.po
-@@ -6,7 +6,7 @@
- # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
- # Noriko Mizumoto <noriko.mizumoto@gmail.com>, 2016. #zanata
- # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
--# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021.
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021, 2022.
- # Pavel Brezina <pbrezina@redhat.com>, 2020. #zanata
- # Sundeep Anand <suanand@redhat.com>, 2021.
- msgid ""
-@@ -14,7 +14,7 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-12-22 07:16+0000\n"
-+"PO-Revision-Date: 2022-01-05 12:23+0000\n"
- "Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
- "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-master/ja/>\n"
-@@ -23,7 +23,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=1; plural=0;\n"
--"X-Generator: Weblate 4.10\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -1960,7 +1960,7 @@ msgstr "krb5_get_init_creds_password のカスタムバージョンを使用し
-
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
--msgstr ""
-+msgstr "デバッグのロギングの冗長性を設定する"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2629,10 +2629,8 @@ msgid "Specify debug level you want to set"
- msgstr "設定したいデバッグレベルを指定します"
-
- #: src/tools/sssctl/sssctl_logs.c:398
--#, fuzzy
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
--msgstr ""
--"注記: Tevent チェーン ID サポートがないため、リクエスト分析は制限されます。\n"
-+msgstr "エラー: Tevent chain ID サポートがなく、ログアナライザーはサポートされません。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-@@ -2877,6 +2875,12 @@ msgstr "レスポンダーが dbus でアクティベートされたと知らせ
- #~ "tevent チェーン ID でサポートされる SSSD ログに対して --logdir オプション"
- #~ "を使用することが推奨されます。\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr ""
-+#~ "注記: Tevent チェーン ID サポートがないため、リクエスト分析は制限されま"
-+#~ "す。\n"
-+
- #~ msgid "Running under %"
- #~ msgstr "% 化で実行"
-
-diff --git a/po/ko.po b/po/ko.po
-index 5a27bab30..2dd7cbd52 100644
---- a/po/ko.po
-+++ b/po/ko.po
-@@ -9,8 +9,8 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-12-22 07:16+0000\n"
--"Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
-+"PO-Revision-Date: 2021-12-25 00:16+0000\n"
-+"Last-Translator: simmon <simmon@nplob.com>\n"
- "Language-Team: Korean <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-master/ko/>\n"
- "Language: ko\n"
-@@ -18,7 +18,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=1; plural=0;\n"
--"X-Generator: Weblate 4.10\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -1929,7 +1929,7 @@ msgstr "krb5_get_init_creds_password의 사용자 지정 버전 사용"
-
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
--msgstr ""
-+msgstr "로깅 목적을 위해 사용되는 T이벤트 체인 ID"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2588,9 +2588,8 @@ msgid "Specify debug level you want to set"
- msgstr "설정할 디버그 수준 지정"
-
- #: src/tools/sssctl/sssctl_logs.c:398
--#, fuzzy
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
--msgstr "참고: Tevent 체인 ID 지원이 누락되어 요청 분석이 제한됩니다.\n"
-+msgstr "오류: T이벤트 체인 ID 지원이 누락되었으며, 로그 분석이 지원되지 않습니다.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-@@ -2835,6 +2834,10 @@ msgstr "응답자가 dbus-활성화 되었음을 알립니다"
- #~ "tevent 체인 ID에서 지원되는 SSSD 로그에 대해 --logdir 옵션을 사용하는 것"
- #~ "이 좋습니다.\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr "참고: Tevent 체인 ID 지원이 누락되어 요청 분석이 제한됩니다.\n"
-+
- #~ msgid "Timeout for messages sent over the SBUS"
- #~ msgstr "SBUS를 통해 전송된 메시지에 시간초과"
-
-diff --git a/po/pl.po b/po/pl.po
-index 60c4090b5..89969bf6e 100644
---- a/po/pl.po
-+++ b/po/pl.po
-@@ -16,7 +16,7 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-11-11 11:34+0000\n"
-+"PO-Revision-Date: 2021-12-24 10:33+0000\n"
- "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
- "Language-Team: Polish <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-master/pl/>\n"
-@@ -26,7 +26,7 @@ msgstr ""
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
- "|| n%100>=20) ? 1 : 2;\n"
--"X-Generator: Weblate 4.8.1\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -2025,7 +2025,7 @@ msgstr "Użycie niestandardowej wersji krb5_get_init_creds_password"
-
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
--msgstr ""
-+msgstr "Identyfikator łańcucha tevent używany do celów zapisywania w dzienniku"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2692,11 +2692,10 @@ msgid "Specify debug level you want to set"
- msgstr "Podaje poziom debugowania do ustawienia"
-
- #: src/tools/sssctl/sssctl_logs.c:398
--#, fuzzy
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
- msgstr ""
--"UWAGA: brak obsługi identyfikatora łańcucha tevent, analiza żądań będzie "
--"ograniczona.\n"
-+"BŁĄD: brak obsługi identyfikatora łańcucha tevent, analizator dziennika jest "
-+"nieobsługiwany.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-@@ -2941,6 +2940,12 @@ msgstr "Informuje, że program odpowiadający został aktywowany magistralą D-B
- #~ "Zalecane jest używanie opcji --logdir przy dziennikach SSSD obsługujących "
- #~ "identyfikator łańcucha tevent.\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr ""
-+#~ "UWAGA: brak obsługi identyfikatora łańcucha tevent, analiza żądań będzie "
-+#~ "ograniczona.\n"
-+
- #~ msgid "Running under %"
- #~ msgstr "Uruchamianie jako %"
-
-diff --git a/po/sv.po b/po/sv.po
-index 910a89552..d679d83b9 100644
---- a/po/sv.po
-+++ b/po/sv.po
-@@ -13,7 +13,7 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-08-08 16:04+0000\n"
-+"PO-Revision-Date: 2021-12-31 15:16+0000\n"
- "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
- "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-master/sv/>\n"
-@@ -22,7 +22,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=2; plural=n != 1;\n"
--"X-Generator: Weblate 4.7.2\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -823,9 +823,8 @@ msgstr ""
- "servern när den senaste förfrågan inte hittade någon regel"
-
- #: src/config/SSSDConfig/sssdoptions.py:244
--#, fuzzy
- msgid "Search base for SUBID ranges"
--msgstr "Sökbas för vybehållare"
-+msgstr "Sökbas för SUBAID-intervall"
-
- #: src/config/SSSDConfig/sssdoptions.py:245
- msgid "The LDAP attribute that contains FQDN of the host."
-@@ -1951,7 +1950,7 @@ msgstr "Flaggan -g är inkompatibel med -D eller -i\n"
- #: src/monitor/monitor.c:2401
- #, c-format
- msgid "Running under %<PRIu64>, must be root\n"
--msgstr ""
-+msgstr "Kör under %<PRIu64>, måste vara root\n"
-
- #: src/monitor/monitor.c:2483
- msgid "SSSD is already running\n"
-@@ -1999,7 +1998,7 @@ msgstr "Använd en anpassad version av krb5_get_init_creds_password"
-
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
--msgstr ""
-+msgstr "Tevent-kedje-ID använt för loggningssyfte"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2335,14 +2334,14 @@ msgid "Error while executing external command\n"
- msgstr "Fel när externt kommando kördes\n"
-
- #: src/tools/sssctl/sssctl.c:123
--#, fuzzy, c-format
-+#, c-format
- msgid "Error while executing external command '%s'\n"
--msgstr "Fel när externt kommando kördes\n"
-+msgstr "Fel när externt kommando kördes ”%s”\n"
-
- #: src/tools/sssctl/sssctl.c:126
--#, fuzzy, c-format
-+#, c-format
- msgid "Command '%s' failed with [%d]\n"
--msgstr "dlsym misslyckades med [%s].\n"
-+msgstr "Kommandot ”%s” misslyckades med [%d].\n"
-
- #: src/tools/sssctl/sssctl.c:173
- msgid "SSSD needs to be running. Start SSSD now?"
-@@ -2665,7 +2664,7 @@ msgstr "Ange felsökningsnivå du vill sätta"
-
- #: src/tools/sssctl/sssctl_logs.c:398
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
--msgstr ""
-+msgstr "FEL: stöd för tevent-kedje-ID saknas, logganalysatorn stödjs inte.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-diff --git a/po/uk.po b/po/uk.po
-index 9ee86deb0..84e63bcc9 100644
---- a/po/uk.po
-+++ b/po/uk.po
-@@ -16,7 +16,7 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-11-12 12:05+0000\n"
-+"PO-Revision-Date: 2021-12-25 00:16+0000\n"
- "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
- "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-master/uk/>\n"
-@@ -26,7 +26,7 @@ msgstr ""
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
- "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
--"X-Generator: Weblate 4.8.1\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -2088,6 +2088,7 @@ msgstr "Використовувати нетипову версію krb5_get_in
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
- msgstr ""
-+"Ідентифікатор ланцюжка Tevent, який використовується для ведення журналу"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2757,11 +2758,10 @@ msgid "Specify debug level you want to set"
- msgstr "Вкажіть рівень діагностики, яким ви хочете скористатися"
-
- #: src/tools/sssctl/sssctl_logs.c:398
--#, fuzzy
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
- msgstr ""
--"УВАГА: немає підтримки ідентифікатора черги Tevent, можливості аналізу "
--"запитів буде обмежено.\n"
-+"Помилка: немає підтримки ідентифікатора ланцюжка Tevent, можливість аналізу "
-+"журналу недоступна.\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-@@ -3006,6 +3006,12 @@ msgstr "Інформує про те, що на відповідачі заді
- #~ "Рекомендуємо скористатися параметром --logdir для обробки журналу SSSD із "
- #~ "підтримкою ідентифікаторів ланцюжка tevent.\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr ""
-+#~ "УВАГА: немає підтримки ідентифікатора черги Tevent, можливості аналізу "
-+#~ "запитів буде обмежено.\n"
-+
- #~ msgid "Running under %"
- #~ msgstr "Запущено від імені %"
-
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index 5f23f62eb..1ade71110 100644
---- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -4,7 +4,7 @@
- #
- # Translators:
- # Christopher Meng <cickumqt@gmail.com>, 2012
--# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021.
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata, 2021, 2022.
- # Pavel Brezina <pbrezina@redhat.com>, 2020. #zanata
- # Charles Lee <lchopn@gmail.com>, 2020, 2021.
- # Sundeep Anand <suanand@redhat.com>, 2021.
-@@ -13,7 +13,7 @@ msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
- "POT-Creation-Date: 2021-12-23 12:58+0100\n"
--"PO-Revision-Date: 2021-12-22 07:16+0000\n"
-+"PO-Revision-Date: 2022-01-05 12:23+0000\n"
- "Last-Translator: Ludek Janda <ljanda@redhat.com>\n"
- "Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/"
- "projects/sssd/sssd-master/zh_CN/>\n"
-@@ -22,7 +22,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=1; plural=0;\n"
--"X-Generator: Weblate 4.10\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #: src/config/SSSDConfig/sssdoptions.py:20
- #: src/config/SSSDConfig/sssdoptions.py:21
-@@ -1007,7 +1007,7 @@ msgstr "Kerberos 备份服务器地址"
-
- #: src/config/SSSDConfig/sssdoptions.py:313
- msgid "Kerberos realm"
--msgstr "Kerberos realm"
-+msgstr "Kerberos 域"
-
- #: src/config/SSSDConfig/sssdoptions.py:314
- msgid "Authentication timeout"
-@@ -1071,7 +1071,7 @@ msgstr "启用企业主体"
-
- #: src/config/SSSDConfig/sssdoptions.py:331
- msgid "Enables using of subdomains realms for authentication"
--msgstr "启用使用子域域进行验证"
-+msgstr "允许使用子域域进行身份验证"
-
- #: src/config/SSSDConfig/sssdoptions.py:332
- msgid "A mapping from user names to Kerberos principal names"
-@@ -1128,7 +1128,7 @@ msgstr "离线时尝试重新连接的时间间隔"
-
- #: src/config/SSSDConfig/sssdoptions.py:350
- msgid "Use only the upper case for realm names"
--msgstr "realm 名称仅使用大写字母"
-+msgstr "对于域名称仅使用大写字母"
-
- #: src/config/SSSDConfig/sssdoptions.py:351
- msgid "File that contains CA certificates"
-@@ -1164,7 +1164,7 @@ msgstr "指定要使用的 sasl 授权 ID"
-
- #: src/config/SSSDConfig/sssdoptions.py:359
- msgid "Specify the sasl authorization realm to use"
--msgstr "指定要使用的 sasl 授权 realm"
-+msgstr "指定要使用的 sasl 授权域"
-
- #: src/config/SSSDConfig/sssdoptions.py:360
- msgid "Specify the minimal SSF for LDAP sasl authorization"
-@@ -1876,7 +1876,7 @@ msgstr "组创建 FAST 缓存为"
-
- #: src/providers/krb5/krb5_child.c:3336
- msgid "Kerberos realm to use"
--msgstr "使用的 kerberos realm"
-+msgstr "要使用的 kerberos 域"
-
- #: src/providers/krb5/krb5_child.c:3338
- msgid "Requested lifetime of the ticket"
-@@ -1904,7 +1904,7 @@ msgstr "使用自定义版本的 krb5_get_init_creds_password"
-
- #: src/providers/krb5/krb5_child.c:3351
- msgid "Tevent chain ID used for logging purposes"
--msgstr ""
-+msgstr "用于日志记录的 Tevent 链 ID"
-
- #: src/providers/krb5/krb5_child.c:3379 src/providers/ldap/ldap_child.c:663
- msgid "talloc_asprintf failed.\n"
-@@ -2558,9 +2558,8 @@ msgid "Specify debug level you want to set"
- msgstr "指定要设置的调试级别"
-
- #: src/tools/sssctl/sssctl_logs.c:398
--#, fuzzy
- msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n"
--msgstr "注意:缺少 Tevent 链 ID 支持,请求分析会受到限制。\n"
-+msgstr "ERROR:缺少 Tevent 链 ID 支持,不支持日志分析器。\n"
-
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
-@@ -2803,6 +2802,10 @@ msgstr "通知响应者已被 dbus 激活"
- #~ "supported SSSD logs.\n"
- #~ msgstr "建议对 tevent 链 ID 支持的 SSSD 日志使用 --logdir 选项。\n"
-
-+#~ msgid ""
-+#~ "NOTE: Tevent chain ID support missing, request analysis will be limited.\n"
-+#~ msgstr "注意:缺少 Tevent 链 ID 支持,请求分析会受到限制。\n"
-+
- #~ msgid "Running under %"
- #~ msgstr "运行于 % 下"
-
-diff --git a/src/man/po/fi.po b/src/man/po/fi.po
-index 6ebf97280..e5c596767 100644
---- a/src/man/po/fi.po
-+++ b/src/man/po/fi.po
-@@ -4,7 +4,7 @@ msgstr ""
- "Project-Id-Version: sssd-docs 2.3.0\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
- "POT-Creation-Date: 2021-12-20 16:05+0100\n"
--"PO-Revision-Date: 2021-09-14 13:04+0000\n"
-+"PO-Revision-Date: 2022-01-02 20:16+0000\n"
- "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n"
- "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-manpage-master/fi/>\n"
-@@ -13,7 +13,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=2; plural=n != 1;\n"
--"X-Generator: Weblate 4.8\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #. type: Content of: <reference><title>
- #: sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5
-@@ -1393,7 +1393,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1115
- msgid "default_shell"
--msgstr ""
-+msgstr "Oletuskomentorivitulkki"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1118
-@@ -11978,7 +11978,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:174
- msgid "principal name"
--msgstr ""
-+msgstr "ensisijaisen nimi"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd-krb5.5.xml:178
-@@ -11988,7 +11988,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:179
- msgid "realm name"
--msgstr ""
-+msgstr "alueen nimi"
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd-krb5.5.xml:182
-diff --git a/src/man/po/sv.po b/src/man/po/sv.po
-index 9123017be..a96d14770 100644
---- a/src/man/po/sv.po
-+++ b/src/man/po/sv.po
-@@ -7,7 +7,7 @@ msgstr ""
- "Project-Id-Version: sssd-docs 2.3.0\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
- "POT-Creation-Date: 2021-12-20 16:05+0100\n"
--"PO-Revision-Date: 2021-09-17 22:04+0000\n"
-+"PO-Revision-Date: 2021-12-31 15:16+0000\n"
- "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
- "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-manpage-master/sv/>\n"
-@@ -16,7 +16,7 @@ msgstr ""
- "Content-Type: text/plain; charset=UTF-8\n"
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=2; plural=n != 1;\n"
--"X-Generator: Weblate 4.8\n"
-+"X-Generator: Weblate 4.10.1\n"
-
- #. type: Content of: <reference><title>
- #: sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5
-@@ -678,6 +678,9 @@ msgid ""
- "e. accessible via <quote>files</quote> service of <filename>nsswitch.conf</"
- "filename>."
- msgstr ""
-+"Både ett användarnamn och ett aid kan användas men användaren skall vara "
-+"lokal, d.v.s. åtkomlig via tjänsten <quote>files</quote> i <filename>nsswitch"
-+".conf</filename>."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:433
-@@ -3174,6 +3177,8 @@ msgid ""
- "Local user names are required, i.e. accessible via <quote>files</quote> "
- "service of <filename>nsswitch.conf</filename>."
- msgstr ""
-+"Lokalt användarnamn krävs, d.v.s. åtkomligt via tjänsten <quote>files</"
-+"quote> i <filename>nsswitch.conf</filename>."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2177
-@@ -4800,6 +4805,8 @@ msgstr ""
- msgid ""
- "The AD provider will use this option for the CLDAP ping timeouts as well."
- msgstr ""
-+"AD-leverantören kommer även att använda detta alternativ för CLDAP-"
-+"pingtidsgränsen."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3437 sssd.conf.5.xml:3457 sssd.conf.5.xml:3476
-@@ -15938,7 +15945,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><title>
- #: sssd-ifp.5.xml:43
- msgid "FIND BY VALID CERTIFICATE"
--msgstr ""
-+msgstr "HITTA MED GILTIGT CERTIFIKAT"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para>
- #: sssd-ifp.5.xml:45
-@@ -15946,6 +15953,8 @@ msgid ""
- "The following options can be used to control how the certificates are "
- "validated when using the FindByValidCertificate() API:"
- msgstr ""
-+"Följande alternativ kan användas för att styra hur certifikat valideras när "
-+"API:et FindByValidCertificate() används:"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
- #: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92
-@@ -15964,16 +15973,12 @@ msgstr "certificate_verification"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para>
- #: sssd-ifp.5.xml:52
--#, fuzzy
--#| msgid ""
--#| "For more details, see the <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
- msgid ""
- "For more details about the options see <citerefentry><refentrytitle>sssd."
- "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
- msgstr ""
--"För fler detaljer, se manualsidan <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
-+"För fler detaljer om alternativet, se <citerefentry><refentrytitle>sssd."
-+"conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
-
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ifp.5.xml:62
-@@ -20750,45 +20755,6 @@ msgstr ""
-
- #. type: Content of: <refsect1><para>
- #: include/seealso.xml:4
--#, fuzzy
--#| msgid ""
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</"
--#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
--#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
--#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry>, <citerefentry> <refentrytitle>sssd-files</"
--#| "refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase condition="
--#| "\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase condition="
--#| "\"with_secrets\"> <citerefentry> <refentrytitle>sssd-secrets</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> "
--#| "<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </"
--#| "citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
--#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
--#| "citerefentry>, <citerefentry> <refentrytitle>sss_seed</"
--#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
--#| "manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> "
--#| "<citerefentry> <refentrytitle>sss_ssh_authorizedkeys</refentrytitle> "
--#| "<manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
--#| "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
--#| "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
--#| "manvolnum> </citerefentry>, </phrase> <citerefentry> "
--#| "<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
--#| "citerefentry>. <citerefentry> <refentrytitle>sss_rpcidmapd</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <phrase condition="
--#| "\"with_stap\"> <citerefentry> <refentrytitle>sssd-systemtap</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> </phrase>"
- msgid ""
- "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
- "citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
-@@ -20826,41 +20792,42 @@ msgid ""
- "citerefentry> </phrase>"
- msgstr ""
- "<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
--"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-+"citerefentry>, <citerefentry> <refentrytitle>sssd."
-+"conf</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
- "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
--"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
--"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-+"citerefentry>, <citerefentry> <refentrytitle>sssd-"
-+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
- "<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
--"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
--"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-+"citerefentry>, <citerefentry> <refentrytitle>sssd-"
-+"ipa</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
- "<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
--"citerefentry>, <citerefentry> <refentrytitle>sssd-files</"
--"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase condition="
--"\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry>, </phrase> <phrase condition="
--"\"with_secrets\"> <citerefentry> <refentrytitle>sssd-secrets</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry>, </phrase> <citerefentry> "
--"<refentrytitle>sssd-session-recording</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_cache</"
--"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-+"citerefentry>, <citerefentry> <refentrytitle>sssd-"
-+"files</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <phrase "
-+"condition=\"with_sudo\"> <citerefentry> <refentrytitle>sssd-sudo</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, </phrase> "
-+"<citerefentry> <refentrytitle>sssd-session-recording</refentrytitle> "
-+"<manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
-+"<refentrytitle>sss_cache</refentrytitle><manvolnum>8</manvolnum> </"
-+"citerefentry>, <citerefentry> "
- "<refentrytitle>sss_debuglevel</refentrytitle><manvolnum>8</manvolnum> </"
--"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
--"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-+"citerefentry>, <citerefentry> "
-+"<refentrytitle>sss_obfuscate</refentrytitle><manvolnum>8</manvolnum> </"
-+"citerefentry>, <citerefentry> "
- "<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
--"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
--"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
--"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
-+"citerefentry>, <citerefentry> "
-+"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle><manvolnum>8</"
-+"manvolnum> </citerefentry>, <phrase condition=\"with_ssh\"> <citerefentry> "
-+"<refentrytitle>sss_ssh_authorizedkeys</refentrytitle> <manvolnum>8</"
-+"manvolnum> </citerefentry>, <citerefentry> "
- "<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
- "manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
- "<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
--"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
--"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
--"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry> </phrase>"
-+"manvolnum> </citerefentry>, </phrase> <citerefentry> "
-+"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </"
-+"citerefentry>. <citerefentry> <refentrytitle>sss_rpcidmapd</refentrytitle> "
-+"<manvolnum>5</manvolnum> </citerefentry> <phrase condition=\"with_stap\"> "
-+"<citerefentry> <refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</"
-+"manvolnum> </citerefentry> </phrase>"
-
- #. type: Content of: <listitem><para>
- #: include/ldap_search_bases.xml:3
-diff --git a/src/man/po/uk.po b/src/man/po/uk.po
-index dd08f055e..e6477148e 100644
---- a/src/man/po/uk.po
-+++ b/src/man/po/uk.po
-@@ -16,7 +16,7 @@ msgstr ""
- "Project-Id-Version: sssd-docs 2.3.0\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
- "POT-Creation-Date: 2021-12-20 16:05+0100\n"
--"PO-Revision-Date: 2021-10-20 03:21+0000\n"
-+"PO-Revision-Date: 2021-12-22 10:38+0000\n"
- "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
- "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/"
- "sssd-manpage-master/uk/>\n"
-@@ -26,7 +26,7 @@ msgstr ""
- "Content-Transfer-Encoding: 8bit\n"
- "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
- "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
--"X-Generator: Weblate 4.8\n"
-+"X-Generator: Weblate 4.10\n"
-
- #. type: Content of: <reference><title>
- #: sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5 pam_sss_gss.8.xml:5
-@@ -703,6 +703,9 @@ msgid ""
- "e. accessible via <quote>files</quote> service of <filename>nsswitch.conf</"
- "filename>."
- msgstr ""
-+"Можна скористатися іменем користувача і UID, але користувач має бути "
-+"локальним, тобто доступним для служби <quote>files</quote> <filename>nsswitch"
-+".conf</filename>."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:433
-@@ -3255,6 +3258,8 @@ msgid ""
- "Local user names are required, i.e. accessible via <quote>files</quote> "
- "service of <filename>nsswitch.conf</filename>."
- msgstr ""
-+"Потрібні локальні імена користувачів, тобто імена, які доступні зі служби "
-+"<quote>files</quote> <filename>nsswitch.conf</filename>."
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2177
-@@ -4915,6 +4920,8 @@ msgstr ""
- msgid ""
- "The AD provider will use this option for the CLDAP ping timeouts as well."
- msgstr ""
-+"Надавач даних AD використовуватиме цей параметр також для визначення часу "
-+"очікування на відгук на луна-імпульс CLDAP."
-
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3437 sssd.conf.5.xml:3457 sssd.conf.5.xml:3476
-@@ -16286,7 +16293,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><title>
- #: sssd-ifp.5.xml:43
- msgid "FIND BY VALID CERTIFICATE"
--msgstr ""
-+msgstr "ПОШУК ЗА ЧИННИМ СЕРТИФІКАТОМ"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para>
- #: sssd-ifp.5.xml:45
-@@ -16294,6 +16301,8 @@ msgid ""
- "The following options can be used to control how the certificates are "
- "validated when using the FindByValidCertificate() API:"
- msgstr ""
-+"Для керування тим, як буде виконуватися перевірка, якщо використано "
-+"програмний інтерфейс FindByValidCertificate(), використовують такі параметри:"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
- #: sssd-ifp.5.xml:48 sss_ssh_authorizedkeys.1.xml:92
-@@ -16312,15 +16321,11 @@ msgstr "certificate_verification"
-
- #. type: Content of: <reference><refentry><refsect1><refsect2><para>
- #: sssd-ifp.5.xml:52
--#, fuzzy
--#| msgid ""
--#| "For more details, see the <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
- msgid ""
- "For more details about the options see <citerefentry><refentrytitle>sssd."
- "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
- msgstr ""
--"Щоб дізнатися більше, ознайомтеся зі сторінкою підручника щодо "
-+"Щоб дізнатися більше про параметри, ознайомтеся зі сторінкою підручника щодо "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry>."
-
---
-2.26.3
-
diff --git a/SOURCES/0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch b/SOURCES/0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch
new file mode 100644
index 0000000..a820d44
--- /dev/null
+++ b/SOURCES/0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch
@@ -0,0 +1,34 @@
+From 0eae0862069e4bbbdd87b809193fc873f3003cff Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 16 Aug 2022 21:48:43 +0200
+Subject: [PATCH 5/6] CLIENT:MC: -1 is more appropriate initial value for fd
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+(cherry picked from commit 579cc0b266d5f8954bc71cfcd3fe68002d681a5f)
+---
+ src/sss_client/nss_mc.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h
+index de1496ccc..0f88521e9 100644
+--- a/src/sss_client/nss_mc.h
++++ b/src/sss_client/nss_mc.h
+@@ -67,9 +67,9 @@ struct sss_cli_mc_ctx {
+ };
+
+ #if HAVE_PTHREAD
+-#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
++#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
+ #else
+-#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
++#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
+ #endif
+
+ errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx);
+--
+2.37.1
+
diff --git a/SOURCES/0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch b/SOURCES/0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch
new file mode 100644
index 0000000..f759975
--- /dev/null
+++ b/SOURCES/0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch
@@ -0,0 +1,78 @@
+From d386e94ef49d95d7305a3e6578e41a2cf61dfc5c Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 16 Aug 2022 21:51:03 +0200
+Subject: [PATCH 6/6] CLIENT:MC: pointer to the context mutex shouldn't be
+ touched
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Even brief window inside `sss_nss_mc_destroy_ctx()` when `mutex == NULL`
+was creating a possibility for a race.
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+(cherry picked from commit 4ac93d9c5df59cdb7f397b4467f1c1c4822ff757)
+---
+ src/sss_client/nss_mc.h | 4 +++-
+ src/sss_client/nss_mc_common.c | 20 ++++++++++----------
+ 2 files changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h
+index 0f88521e9..9ab2736fa 100644
+--- a/src/sss_client/nss_mc.h
++++ b/src/sss_client/nss_mc.h
+@@ -44,7 +44,9 @@ enum sss_mc_state {
+ RECYCLED,
+ };
+
+-/* common stuff */
++/* In the case this structure is extended, don't forget to update
++ * `SSS_CLI_MC_CTX_INITIALIZER` and `sss_nss_mc_destroy_ctx()`.
++ */
+ struct sss_cli_mc_ctx {
+ enum sss_mc_state initialized;
+ #if HAVE_PTHREAD
+diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
+index f38a4a85a..3128861bf 100644
+--- a/src/sss_client/nss_mc_common.c
++++ b/src/sss_client/nss_mc_common.c
+@@ -130,25 +130,25 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
+
+ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx)
+ {
+- uint32_t active_threads = ctx->active_threads;
+-#if HAVE_PTHREAD
+- pthread_mutex_t *mutex = ctx->mutex;
+-#endif
+
+ if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) {
+ munmap(ctx->mmap_base, ctx->mmap_size);
+ }
++ ctx->mmap_base = NULL;
++ ctx->mmap_size = 0;
++
+ if (ctx->fd != -1) {
+ close(ctx->fd);
+ }
+- memset(ctx, 0, sizeof(struct sss_cli_mc_ctx));
+ ctx->fd = -1;
+
+- /* restore count of active threads */
+- ctx->active_threads = active_threads;
+-#if HAVE_PTHREAD
+- ctx->mutex = mutex;
+-#endif
++ ctx->seed = 0;
++ ctx->data_table = NULL;
++ ctx->dt_size = 0;
++ ctx->hash_table = NULL;
++ ctx->ht_size = 0;
++ ctx->initialized = UNINITIALIZED;
++ /* `mutex` and `active_threads` should be left intact */
+ }
+
+ static errno_t sss_nss_mc_init_ctx(const char *name,
+--
+2.37.1
+
diff --git a/SOURCES/0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch b/SOURCES/0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch
new file mode 100644
index 0000000..0e06c29
--- /dev/null
+++ b/SOURCES/0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch
@@ -0,0 +1,33 @@
+From f8704cc24eafe190e6c78dc21535f6029d51d647 Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Mon, 15 Aug 2022 16:17:59 -0400
+Subject: [PATCH] SSSCTL: Allow analyzer to work without SSSD setup
+
+Fixes an issue when the sssctl analyzer option is
+used on systems where SSSD is not running or configured. This is
+an expected use case when using --logdir option to analyze external
+log files.
+
+Resolves: https://github.com/SSSD/sssd/issues/6298
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/tools/sssctl/sssctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
+index 3816125ad..f18689f9f 100644
+--- a/src/tools/sssctl/sssctl.c
++++ b/src/tools/sssctl/sssctl.c
+@@ -296,7 +296,7 @@ int main(int argc, const char **argv)
+ SSS_TOOL_COMMAND("logs-remove", "Remove existing SSSD log files", 0, sssctl_logs_remove),
+ SSS_TOOL_COMMAND("logs-fetch", "Archive SSSD log files in tarball", 0, sssctl_logs_fetch),
+ SSS_TOOL_COMMAND("debug-level", "Change SSSD debug level", 0, sssctl_debug_level),
+- SSS_TOOL_COMMAND("analyze", "Analyze logged data", 0, sssctl_analyze),
++ SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT),
+ #ifdef HAVE_LIBINI_CONFIG_V1_3
+ SSS_TOOL_DELIMITER("Configuration files tools:"),
+ SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
+--
+2.37.1
+
diff --git a/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch b/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch
new file mode 100644
index 0000000..769e082
--- /dev/null
+++ b/SOURCES/0008-RESPONDER-Fix-client-ID-tracking.patch
@@ -0,0 +1,297 @@
+From e6d450d4f67c3c639a6ab7e891adccc361d80ecd Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Fri, 19 Aug 2022 09:50:22 -0400
+Subject: [PATCH 8/9] RESPONDER: Fix client ID tracking
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Client ID is not stored properly to match requests
+when parallel requests are made to client SSSD
+
+Resolves: https://github.com/SSSD/sssd/issues/6307
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/responder/common/cache_req/cache_req.c | 5 +++--
+ .../plugins/cache_req_autofs_entry_by_name.c | 3 ++-
+ .../cache_req/plugins/cache_req_autofs_map_by_name.c | 3 ++-
+ .../cache_req/plugins/cache_req_autofs_map_entries.c | 3 ++-
+ .../plugins/cache_req_ssh_host_id_by_name.c | 3 ++-
+ src/responder/common/responder.h | 2 +-
+ src/responder/common/responder_common.c | 12 +++++++-----
+ src/responder/common/responder_dp.c | 5 +++--
+ src/responder/common/responder_get_domains.c | 3 ++-
+ src/responder/pam/pamsrv_cmd.c | 4 ++--
+ 10 files changed, 26 insertions(+), 17 deletions(-)
+
+diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
+index 4dd45b038..bc65bae71 100644
+--- a/src/responder/common/cache_req/cache_req.c
++++ b/src/responder/common/cache_req/cache_req.c
+@@ -24,6 +24,7 @@
+ #include <errno.h>
+
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "responder/common/responder.h"
+ #include "responder/common/cache_req/cache_req_private.h"
+ #include "responder/common/cache_req/cache_req_plugin.h"
+@@ -1124,8 +1125,8 @@ struct tevent_req *cache_req_send(TALLOC_CTX *mem_ctx,
+ }
+ state->first_iteration = true;
+
+- SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%u] '%s'\n",
+- rctx->client_id_num, cr->reqname);
++ SSS_REQ_TRACE_CID_CR(SSSDBG_TRACE_FUNC, cr, "New request [CID #%lu] '%s'\n",
++ sss_chain_id_get(), cr->reqname);
+
+ ret = cache_req_is_well_known_object(state, cr, &result);
+ if (ret == EOK) {
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+index 788b6708c..b2b0a06eb 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+@@ -24,6 +24,7 @@
+ #include "db/sysdb.h"
+ #include "db/sysdb_autofs.h"
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "providers/data_provider.h"
+ #include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -86,7 +87,7 @@ cache_req_autofs_entry_by_name_dp_send(TALLOC_CTX *mem_ctx,
+ be_conn->bus_name, SSS_BUS_PATH,
+ 0, data->name.name,
+ data->autofs_entry_name,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+ }
+
+ bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+index 5d82641cc..23b11b1cd 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+@@ -24,6 +24,7 @@
+ #include "db/sysdb.h"
+ #include "db/sysdb_autofs.h"
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "providers/data_provider.h"
+ #include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -82,7 +83,7 @@ cache_req_autofs_map_by_name_dp_send(TALLOC_CTX *mem_ctx,
+ return sbus_call_dp_autofs_GetMap_send(mem_ctx, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH,
+ 0, data->name.name,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+ }
+
+ bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+index 29f289723..18c08ca39 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+@@ -24,6 +24,7 @@
+ #include "db/sysdb.h"
+ #include "db/sysdb_autofs.h"
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "providers/data_provider.h"
+ #include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -114,7 +115,7 @@ cache_req_autofs_map_entries_dp_send(TALLOC_CTX *mem_ctx,
+ return sbus_call_dp_autofs_Enumerate_send(mem_ctx, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH,
+ 0, data->name.name,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+ }
+
+ bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c
+index a8b8f47a8..29f52f10d 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_ssh_host_id_by_name.c
+@@ -23,6 +23,7 @@
+
+ #include "db/sysdb_ssh.h"
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "providers/data_provider.h"
+ #include "responder/common/cache_req/cache_req_plugin.h"
+
+@@ -86,7 +87,7 @@ cache_req_host_by_name_dp_send(TALLOC_CTX *mem_ctx,
+ return sbus_call_dp_dp_hostHandler_send(mem_ctx, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH,
+ 0, data->name.name, data->alias,
+- cr->rctx->client_id_num);
++ sss_chain_id_get());
+ }
+
+ static bool
+diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h
+index 5cb79e3e6..259b3ff13 100644
+--- a/src/responder/common/responder.h
++++ b/src/responder/common/responder.h
+@@ -165,13 +165,13 @@ struct cli_ctx {
+
+ struct cli_creds *creds;
+ char *cmd_line;
+- uint64_t old_chain_id;
+
+ void *protocol_ctx;
+ void *state_ctx;
+
+ struct tevent_timer *idle;
+ time_t last_request_time;
++ uint32_t client_id_num;
+ };
+
+ struct sss_cmd_table {
+diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c
+index 6e3b61ef0..a4ba8ea71 100644
+--- a/src/responder/common/responder_common.c
++++ b/src/responder/common/responder_common.c
+@@ -87,8 +87,6 @@ static void client_close_fn(struct tevent_context *ev,
+ "Failed to close fd [%d]: [%s]\n",
+ ctx->cfd, strerror(ret));
+ }
+- /* Restore the original chain id */
+- sss_chain_id_set(ctx->old_chain_id);
+
+ DEBUG(SSSDBG_TRACE_INTERNAL,
+ "Terminated client [%p][%d]\n",
+@@ -526,7 +524,6 @@ static void accept_fd_handler(struct tevent_context *ev,
+ int fd = accept_ctx->is_private ? rctx->priv_lfd : rctx->lfd;
+
+ rctx->client_id_num++;
+-
+ if (accept_ctx->is_private) {
+ ret = stat(rctx->priv_sock_name, &stat_buf);
+ if (ret == -1) {
+@@ -557,6 +554,8 @@ static void accept_fd_handler(struct tevent_context *ev,
+
+ talloc_set_destructor(cctx, cli_ctx_destructor);
+
++ cctx->client_id_num = rctx->client_id_num;
++
+ len = sizeof(cctx->addr);
+ cctx->cfd = accept(fd, (struct sockaddr *)&cctx->addr, &len);
+ if (cctx->cfd == -1) {
+@@ -645,7 +644,7 @@ static void accept_fd_handler(struct tevent_context *ev,
+
+ DEBUG(SSSDBG_TRACE_FUNC,
+ "[CID#%u] Client [cmd %s][uid %u][%p][%d] connected%s!\n",
+- rctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
++ cctx->client_id_num, cctx->cmd_line, cli_creds_get_uid(cctx->creds),
+ cctx, cctx->cfd, accept_ctx->is_private ? " to privileged pipe" : "");
+
+ return;
+@@ -1090,6 +1089,7 @@ void sss_client_fd_handler(void *ptr,
+ uint16_t flags)
+ {
+ errno_t ret;
++ uint64_t old_chain_id;
+ struct cli_ctx *cctx = talloc_get_type(ptr, struct cli_ctx);
+
+ /* Always reset the responder idle timer on any activity */
+@@ -1105,7 +1105,7 @@ void sss_client_fd_handler(void *ptr,
+ }
+
+ /* Set the chain id */
+- cctx->old_chain_id = sss_chain_id_set(cctx->rctx->client_id_num);
++ old_chain_id = sss_chain_id_set(cctx->client_id_num);
+
+ if (flags & TEVENT_FD_READ) {
+ recv_fn(cctx);
+@@ -1116,6 +1116,8 @@ void sss_client_fd_handler(void *ptr,
+ send_fn(cctx);
+ return;
+ }
++ /* Restore the original chain id */
++ sss_chain_id_set(old_chain_id);
+ }
+
+ int sss_connection_setup(struct cli_ctx *cctx)
+diff --git a/src/responder/common/responder_dp.c b/src/responder/common/responder_dp.c
+index d549e02d3..4b4770da1 100644
+--- a/src/responder/common/responder_dp.c
++++ b/src/responder/common/responder_dp.c
+@@ -23,6 +23,7 @@
+ #include <sys/time.h>
+ #include <time.h>
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "responder/common/responder_packet.h"
+ #include "responder/common/responder.h"
+ #include "providers/data_provider.h"
+@@ -276,7 +277,7 @@ sss_dp_get_account_send(TALLOC_CTX *mem_ctx,
+ subreq = sbus_call_dp_dp_getAccountInfo_send(state, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH, dp_flags,
+ entry_type, filter, dom->name, extra,
+- rctx->client_id_num);
++ sss_chain_id_get());
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");
+ ret = ENOMEM;
+@@ -406,7 +407,7 @@ sss_dp_resolver_get_send(TALLOC_CTX *mem_ctx,
+ SSS_BUS_PATH,
+ dp_flags, entry_type,
+ filter_type, filter_value,
+- rctx->client_id_num);
++ sss_chain_id_get());
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");
+ ret = ENOMEM;
+diff --git a/src/responder/common/responder_get_domains.c b/src/responder/common/responder_get_domains.c
+index 918124756..aeff28d73 100644
+--- a/src/responder/common/responder_get_domains.c
++++ b/src/responder/common/responder_get_domains.c
+@@ -19,6 +19,7 @@
+ */
+
+ #include "util/util.h"
++#include "util/sss_chain_id.h"
+ #include "responder/common/responder.h"
+ #include "providers/data_provider.h"
+ #include "db/sysdb.h"
+@@ -751,7 +752,7 @@ sss_dp_get_account_domain_send(TALLOC_CTX *mem_ctx,
+ be_conn->bus_name,
+ SSS_BUS_PATH, dp_flags,
+ entry_type, filter,
+- rctx->client_id_num);
++ sss_chain_id_get());
+ if (subreq == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create subrequest!\n");
+ ret = ENOMEM;
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index cb0e1b82f..1695554fc 100644
+--- a/src/responder/pam/pamsrv_cmd.c
++++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1492,7 +1492,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+ }
+ preq->cctx = cctx;
+ preq->cert_auth_local = false;
+- preq->client_id_num = pctx->rctx->client_id_num;
++ preq->client_id_num = cctx->client_id_num;
+
+ preq->pd = create_pam_data(preq);
+ if (!preq->pd) {
+@@ -1513,7 +1513,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd)
+
+ pd->cmd = pam_cmd;
+ pd->priv = cctx->priv;
+- pd->client_id_num = pctx->rctx->client_id_num;
++ pd->client_id_num = cctx->client_id_num;
+
+ ret = pam_forwarder_parse_data(cctx, pd);
+ if (ret == EAGAIN) {
+--
+2.37.1
+
diff --git a/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch b/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch
new file mode 100644
index 0000000..b2c49e1
--- /dev/null
+++ b/SOURCES/0009-Analyzer-support-parallel-requests-parsing.patch
@@ -0,0 +1,185 @@
+From d22ea2df62b6e245eef75d7201b678601bf63e98 Mon Sep 17 00:00:00 2001
+From: Justin Stephenson <jstephen@redhat.com>
+Date: Fri, 19 Aug 2022 14:44:11 -0400
+Subject: [PATCH 9/9] Analyzer: support parallel requests parsing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Analyzer code(primarily the list verbose command) needs
+changes to handle parsing the necessary lines from
+NSS/PAM log files when multiple intermixed/parallel
+client requests are sent to SSSD.
+
+Resolves: https://github.com/SSSD/sssd/issues/6307
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/tools/analyzer/modules/request.py | 119 +++++++++++++++-----------
+ 1 file changed, 67 insertions(+), 52 deletions(-)
+
+diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
+index 935e13adc..b9fe3caf8 100644
+--- a/src/tools/analyzer/modules/request.py
++++ b/src/tools/analyzer/modules/request.py
+@@ -16,7 +16,6 @@ class RequestAnalyzer:
+ """
+ module_parser = None
+ consumed_logs = []
+- done = ""
+ list_opts = [
+ Option('--verbose', 'Verbose output', bool, '-v'),
+ Option('--pam', 'Filter only PAM requests', bool),
+@@ -149,58 +148,74 @@ class RequestAnalyzer:
+ print(line)
+ return found_results
+
+- def print_formatted(self, line, verbose):
++ def print_formatted_verbose(self, source, patterns):
++ """
++ Parse line and print formatted verbose list_requests output
++
++ Args:
++ source (Reader): source Reader object
++ patterns (list): List of regex patterns to use for
++ matching lines
++ """
++ # Get CID number, and print the basic line first
++ for line in self.matched_line(source, patterns):
++ cid = self.print_formatted(line)
++
++ # Loop through each line with this CID number to extract and
++ # print the verbose data needed
++ verbose_patterns = ["(cache_req_send|cache_req_process_input|"
++ "cache_req_search_send)"]
++ for cidline in self.matched_line(source, verbose_patterns):
++ plugin = ""
++ name = ""
++ id = ""
++
++ # skip any lines not pertaining to this CID
++ if f"CID#{cid}]" not in cidline:
++ continue
++ if "refreshed" in cidline:
++ continue
++ # CR Plugin name
++ if re.search("cache_req_send", cidline):
++ plugin = cidline.split('\'')[1]
++ # CR Input name
++ elif re.search("cache_req_process_input", cidline):
++ name = cidline.rsplit('[')[-1]
++ # CR Input id
++ elif re.search("cache_req_search_send", cidline):
++ id = cidline.rsplit()[-1]
++
++ if plugin:
++ print(" - " + plugin)
++ if name:
++ print(" - " + name[:-2])
++ if (id and ("UID" in cidline or "GID" in cidline)):
++ print(" - " + id)
++
++ def print_formatted(self, line):
+ """
+ Parse line and print formatted list_requests output
+
+ Args:
+ line (str): line to parse
+- verbose (bool): If true, enable verbose output
++ Returns:
++ Client ID from printed line, 0 otherwise
+ """
+- plugin = ""
+- name = ""
+- id = ""
+-
+ # exclude backtrace logs
+ if line.startswith(' * '):
+- return
+- fields = line.split("[")
+- cr_field = fields[3][7:]
+- cr = cr_field.split(":")[0][4:]
++ return 0
+ if "refreshed" in line:
+- return
+- # CR Plugin name
+- if re.search("cache_req_send", line):
+- plugin = line.split('\'')[1]
+- # CR Input name
+- elif re.search("cache_req_process_input", line):
+- name = line.rsplit('[')[-1]
+- # CR Input id
+- elif re.search("cache_req_search_send", line):
+- id = line.rsplit()[-1]
+- # CID and client process name
+- else:
+- ts = line.split(")")[0]
+- ts = ts[1:]
+- fields = line.split("[")
+- cid = fields[3][4:-9]
+- cmd = fields[4][4:-1]
+- uid = fields[5][4:-1]
+- if not uid.isnumeric():
+- uid = fields[6][4:-1]
+- print(f'{ts}: [uid {uid}] CID #{cid}: {cmd}')
+-
+- if verbose:
+- if plugin:
+- print(" - " + plugin)
+- if name:
+- if cr not in self.done:
+- print(" - " + name[:-2])
+- self.done = cr
+- if id:
+- if cr not in self.done:
+- print(" - " + id)
+- self.done = cr
++ return 0
++ ts = line.split(")")[0]
++ ts = ts[1:]
++ fields = line.split("[")
++ cid = fields[3][4:-9]
++ cmd = fields[4][4:-1]
++ uid = fields[5][4:-1]
++ if not uid.isnumeric():
++ uid = fields[6][4:-1]
++ print(f'{ts}: [uid {uid}] CID #{cid}: {cmd}')
++ return cid
+
+ def list_requests(self, args):
+ """
+@@ -215,20 +230,20 @@ class RequestAnalyzer:
+ # Log messages matching the following regex patterns contain
+ # the useful info we need to produce list output
+ patterns = [r'\[cmd']
+- patterns.append("(cache_req_send|cache_req_process_input|"
+- "cache_req_search_send)")
+ if args.pam:
+ component = source.Component.PAM
+ resp = "pam"
+
+ logger.info(f"******** Listing {resp} client requests ********")
+ source.set_component(component, False)
+- self.done = ""
+- for line in self.matched_line(source, patterns):
+- if isinstance(source, Journald):
+- print(line)
+- else:
+- self.print_formatted(line, args.verbose)
++ if args.verbose:
++ self.print_formatted_verbose(source, patterns)
++ else:
++ for line in self.matched_line(source, patterns):
++ if isinstance(source, Journald):
++ print(line)
++ else:
++ self.print_formatted(line)
+
+ def track_request(self, args):
+ """
+--
+2.37.1
+
diff --git a/SOURCES/0010-CLIENT-fix-client-fd-leak.patch b/SOURCES/0010-CLIENT-fix-client-fd-leak.patch
new file mode 100644
index 0000000..48622c8
--- /dev/null
+++ b/SOURCES/0010-CLIENT-fix-client-fd-leak.patch
@@ -0,0 +1,295 @@
+From 1b2e4760c52b9abd0d9b9f35b47ed72e79922ccc Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Thu, 25 Aug 2022 18:10:46 +0200
+Subject: [PATCH] CLIENT: fix client fd leak
+
+ - close client socket at thread exit
+ - only build lock-free client support if libc has required
+ functionality for a proper cleanup
+ - use proper mechanisms to init lock_mode only once
+
+:relnote:Lock-free client support will be only built if libc
+provides `pthread_key_create()` and `pthread_once()`. For glibc
+this means version 2.34+
+
+Reviewed-by: Justin Stephenson <jstephen@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+(cherry picked from commit 1a6f67c92399ff8e358a6c6cdda43fb2547a5fdb)
+---
+ configure.ac | 29 +++++++++--
+ src/man/Makefile.am | 5 +-
+ src/man/sssd.8.xml | 2 +-
+ src/sss_client/common.c | 83 +++++++++++++++++++-------------
+ src/sss_client/idmap/common_ex.c | 4 ++
+ 5 files changed, 84 insertions(+), 39 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 93bd93b85..5a05de41e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -51,18 +51,39 @@ AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
+ m4_include([src/build_macros.m4])
+ BUILD_WITH_SHARED_BUILD_DIR
+
+-AC_COMPILE_IFELSE(
++
++SAVE_LIBS=$LIBS
++LIBS=
++AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[#include <pthread.h>]],
+ [[pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
+- (void) m; /* unused */
++ pthread_mutex_lock(&m);
++ pthread_mutex_unlock(&m);
+ ]])],
+ [AC_DEFINE([HAVE_PTHREAD], [1], [Pthread mutexes available.])
+ HAVE_PTHREAD=1
+ ],
+- [AC_MSG_WARN([Pthread library not found! Clients will not be thread safe...])])
++ [AC_MSG_WARN([Pthread mutex support not found! Clients will not be thread safe...])])
++LIBS=$SAVE_LIBS
++AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
+
+
+-AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
++SAVE_LIBS=$LIBS
++LIBS=
++AC_LINK_IFELSE(
++ [AC_LANG_PROGRAM([[#include <pthread.h>]],
++ [[static pthread_key_t k;
++ static pthread_once_t f = PTHREAD_ONCE_INIT;
++ pthread_once(&f, NULL);
++ pthread_key_create(&k, NULL);
++ ]])],
++ [AC_DEFINE([HAVE_PTHREAD_EXT], [1], [Extended pthread functionality is available.])
++ HAVE_PTHREAD_EXT=1
++ ],
++ [AC_MSG_WARN([Extended pthread functionality is not available. Lock-free client feature will not be built.])])
++LIBS=$SAVE_LIBS
++AM_CONDITIONAL([BUILD_LOCKFREE_CLIENT], [test x"$HAVE_PTHREAD_EXT" != "x"])
++
+
+ # Check library for the timer_create function
+ SAVE_LIBS=$LIBS
+diff --git a/src/man/Makefile.am b/src/man/Makefile.am
+index 93dd14819..063ff1bf0 100644
+--- a/src/man/Makefile.am
++++ b/src/man/Makefile.am
+@@ -46,9 +46,12 @@ endif
+ if BUILD_KCM_RENEWAL
+ KCM_RENEWAL_CONDS = ;enable_kcm_renewal
+ endif
++if BUILD_LOCKFREE_CLIENT
++LOCKFREE_CLIENT_CONDS = ;enable_lockfree_support
++endif
+
+
+-CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(FILES_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)
++CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS)$(GPO_CONDS)$(SYSTEMD_CONDS)$(FILES_CONDS)$(KCM_CONDS)$(STAP_CONDS)$(KCM_RENEWAL_CONDS)$(LOCKFREE_CLIENT_CONDS)
+
+
+ #Special Rules:
+diff --git a/src/man/sssd.8.xml b/src/man/sssd.8.xml
+index df07b7f29..5f507c631 100644
+--- a/src/man/sssd.8.xml
++++ b/src/man/sssd.8.xml
+@@ -240,7 +240,7 @@
+ If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO",
+ client applications will not use the fast in-memory cache.
+ </para>
+- <para>
++ <para condition="enable_lockfree_support">
+ If the environment variable SSS_LOCKFREE is set to "NO", requests
+ from multiple threads of a single application will be serialized.
+ </para>
+diff --git a/src/sss_client/common.c b/src/sss_client/common.c
+index 29c751a50..d762dff49 100644
+--- a/src/sss_client/common.c
++++ b/src/sss_client/common.c
+@@ -35,7 +35,6 @@
+ #include <stdlib.h>
+ #include <stdbool.h>
+ #include <stdint.h>
+-#include <stdatomic.h>
+ #include <string.h>
+ #include <fcntl.h>
+ #include <poll.h>
+@@ -62,8 +61,15 @@
+
+ /* common functions */
+
++#ifdef HAVE_PTHREAD_EXT
++static pthread_key_t sss_sd_key;
++static pthread_once_t sss_sd_key_initialized = PTHREAD_ONCE_INIT;
+ static __thread int sss_cli_sd = -1; /* the sss client socket descriptor */
+ static __thread struct stat sss_cli_sb; /* the sss client stat buffer */
++#else
++static int sss_cli_sd = -1; /* the sss client socket descriptor */
++static struct stat sss_cli_sb; /* the sss client stat buffer */
++#endif
+
+ #if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
+ __attribute__((destructor))
+@@ -76,6 +82,18 @@ void sss_cli_close_socket(void)
+ }
+ }
+
++#ifdef HAVE_PTHREAD_EXT
++static void sss_at_thread_exit(void *v)
++{
++ sss_cli_close_socket();
++}
++
++static void init_sd_key(void)
++{
++ pthread_key_create(&sss_sd_key, sss_at_thread_exit);
++}
++#endif
++
+ /* Requests:
+ *
+ * byte 0-3: 32bit unsigned with length (the complete packet length: 0 to X)
+@@ -553,6 +571,16 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout
+ return -1;
+ }
+
++#ifdef HAVE_PTHREAD_EXT
++ pthread_once(&sss_sd_key_initialized, init_sd_key); /* once for all threads */
++
++ /* It actually doesn't matter what value to set for a key.
++ * The only important thing: key must be non-NULL to ensure
++ * destructor is executed at thread exit.
++ */
++ pthread_setspecific(sss_sd_key, &sss_cli_sd);
++#endif
++
+ /* set as non-blocking, close on exec, and make sure standard
+ * descriptors are not used */
+ sd = make_safe_fd(sd);
+@@ -1129,41 +1157,38 @@ errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len)
+ }
+
+ #if HAVE_PTHREAD
+-bool sss_is_lockfree_mode(void)
++
++#ifdef HAVE_PTHREAD_EXT
++static bool sss_lock_free = true;
++static pthread_once_t sss_lock_mode_initialized = PTHREAD_ONCE_INIT;
++
++static void init_lock_mode(void)
+ {
+- const char *env = NULL;
+- enum {
+- MODE_UNDEF,
+- MODE_LOCKING,
+- MODE_LOCKFREE
+- };
+- static atomic_int mode = MODE_UNDEF;
+-
+- if (mode == MODE_UNDEF) {
+- env = getenv("SSS_LOCKFREE");
+- if ((env != NULL) && (strcasecmp(env, "NO") == 0)) {
+- mode = MODE_LOCKING;
+- } else {
+- mode = MODE_LOCKFREE;
+- }
++ const char *env = getenv("SSS_LOCKFREE");
++
++ if ((env != NULL) && (strcasecmp(env, "NO") == 0)) {
++ sss_lock_free = false;
+ }
++}
+
+- return (mode == MODE_LOCKFREE);
++bool sss_is_lockfree_mode(void)
++{
++ pthread_once(&sss_lock_mode_initialized, init_lock_mode);
++ return sss_lock_free;
+ }
++#endif
+
+ struct sss_mutex sss_nss_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
+-
+ static struct sss_mutex sss_pam_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
+-
+-static struct sss_mutex sss_nss_mc_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
+-
+ static struct sss_mutex sss_pac_mtx = { .mtx = PTHREAD_MUTEX_INITIALIZER };
+
+ static void sss_mt_lock(struct sss_mutex *m)
+ {
++#ifdef HAVE_PTHREAD_EXT
+ if (sss_is_lockfree_mode()) {
+ return;
+ }
++#endif
+
+ pthread_mutex_lock(&m->mtx);
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &m->old_cancel_state);
+@@ -1171,9 +1196,11 @@ static void sss_mt_lock(struct sss_mutex *m)
+
+ static void sss_mt_unlock(struct sss_mutex *m)
+ {
++#ifdef HAVE_PTHREAD_EXT
+ if (sss_is_lockfree_mode()) {
+ return;
+ }
++#endif
+
+ pthread_setcancelstate(m->old_cancel_state, NULL);
+ pthread_mutex_unlock(&m->mtx);
+@@ -1189,7 +1216,7 @@ void sss_nss_unlock(void)
+ sss_mt_unlock(&sss_nss_mtx);
+ }
+
+-/* NSS mutex wrappers */
++/* PAM mutex wrappers */
+ void sss_pam_lock(void)
+ {
+ sss_mt_lock(&sss_pam_mtx);
+@@ -1199,16 +1226,6 @@ void sss_pam_unlock(void)
+ sss_mt_unlock(&sss_pam_mtx);
+ }
+
+-/* NSS mutex wrappers */
+-void sss_nss_mc_lock(void)
+-{
+- sss_mt_lock(&sss_nss_mc_mtx);
+-}
+-void sss_nss_mc_unlock(void)
+-{
+- sss_mt_unlock(&sss_nss_mc_mtx);
+-}
+-
+ /* PAC mutex wrappers */
+ void sss_pac_lock(void)
+ {
+diff --git a/src/sss_client/idmap/common_ex.c b/src/sss_client/idmap/common_ex.c
+index 4f454cd63..8c4894fd9 100644
+--- a/src/sss_client/idmap/common_ex.c
++++ b/src/sss_client/idmap/common_ex.c
+@@ -28,7 +28,9 @@
+ #include "common_private.h"
+
+ extern struct sss_mutex sss_nss_mtx;
++#ifdef HAVE_PTHREAD_EXT
+ bool sss_is_lockfree_mode(void);
++#endif
+
+ #define SEC_FROM_MSEC(ms) ((ms) / 1000)
+ #define NSEC_FROM_MSEC(ms) (((ms) % 1000) * 1000 * 1000)
+@@ -51,9 +53,11 @@ static int sss_mt_timedlock(struct sss_mutex *m, const struct timespec *endtime)
+ {
+ int ret;
+
++#ifdef HAVE_PTHREAD_EXT
+ if (sss_is_lockfree_mode()) {
+ return 0;
+ }
++#endif
+
+ ret = pthread_mutex_timedlock(&m->mtx, endtime);
+ if (ret != 0) {
+--
+2.37.1
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index b4e367f..bcd13a8 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -18,8 +18,8 @@
%global enable_systemtap_opt --enable-systemtap
Name: sssd
-Version: 2.6.2
-Release: 3%{?dist}
+Version: 2.7.3
+Release: 4%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -27,10 +27,16 @@ URL: https://github.com/SSSD/sssd
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
### Patches ###
-Patch0001: 0001-ipa-fix-reply-socket-of-selinux_child.patch
-Patch0002: 0002-ad-add-required-cn-attribute-to-subdomain-object.patch
-Patch0003: 0003-krb5-AD-and-IPA-don-t-change-Kerberos-port.patch
-Patch0004: 0004-po-update-translations.patch
+Patch0001: 0001-Makefile-remove-unneeded-dependency.patch
+Patch0002: 0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
+Patch0003: 0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
+Patch0004: 0004-Analyzer-Fix-escaping-raw-fstring.patch
+Patch0005: 0005-CLIENT-MC-1-is-more-appropriate-initial-value-for-fd.patch
+Patch0006: 0006-CLIENT-MC-pointer-to-the-context-mutex-shouldn-t-be-.patch
+Patch0007: 0007-SSSCTL-Allow-analyzer-to-work-without-SSSD-setup.patch
+Patch0008: 0008-RESPONDER-Fix-client-ID-tracking.patch
+Patch0009: 0009-Analyzer-support-parallel-requests-parsing.patch
+Patch0010: 0010-CLIENT-fix-client-fd-leak.patch
### Downstream Patches ###
@@ -104,6 +110,9 @@ BuildRequires: pam_wrapper
BuildRequires: p11-kit-devel
BuildRequires: openssl-devel
BuildRequires: gnutls-utils
+BuildRequires: jansson-devel
+BuildRequires: libcurl-devel
+BuildRequires: libjose-devel
BuildRequires: softhsm >= 2.1.0
BuildRequires: openssl
BuildRequires: openssh
@@ -536,6 +545,16 @@ Requires: krb5-libs >= 1.18.2-11
An implementation of a Kerberos KCM server. Use this package if you want to
use the KCM: Kerberos credentials cache.
+%package idp
+Summary: Kerberos plugins and OIDC helper for external identity providers.
+License: GPLv3+
+Requires: sssd-common = %{version}-%{release}
+
+%description idp
+This package provides Kerberos plugins that are required to enable
+authentication against external identity providers. Additionally a helper
+program to handle the OAuth 2.0 Device Authorization Grant is provided.
+
%prep
# Update timestamps on the files touched by a patch, to avoid non-equal
# .pyc/.pyo files across the multilib peers within a build, where "Level"
@@ -621,6 +640,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
+# Enable krb5 idp plugins by default (when sssd-idp package is installed)
+cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/sssd_enable_idp \
+ $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/sssd_enable_idp
+
# krb5 configuration snippet
cp $RPM_BUILD_ROOT/%{_datadir}/sssd/krb5-snippets/enable_sssd_conf_dir \
$RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
@@ -927,6 +950,7 @@ done
%{_mandir}/man8/pam_sss.8*
%{_mandir}/man8/pam_sss_gss.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
+%{_mandir}/man8/sssd_krb5_localauth_plugin.8*
%files -n libsss_sudo
%defattr(-,root,root,-)
@@ -1048,6 +1072,12 @@ done
%{_unitdir}/sssd-kcm.service
%{_mandir}/man8/sssd-kcm.8*
+%files idp
+%{_libexecdir}/%{servicename}/oidc_child
+%{_libdir}/%{name}/modules/sssd_krb5_idp_plugin.so
+%{_datadir}/sssd/krb5-snippets/sssd_enable_idp
+%config(noreplace) %{_sysconfdir}/krb5.conf.d/sssd_enable_idp
+
%pre ipa
getent group sssd >/dev/null || groupadd -r sssd
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
@@ -1157,6 +1187,48 @@ fi
%systemd_postun_with_restart sssd.service
%changelog
+* Fri Aug 26 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-4
+- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8
+
+* Tue Aug 23 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-3
+- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8
+- Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured
+- Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend
+
+* Wed Aug 10 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-2
+- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases
+- Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs
+- Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL
+
+* Wed Jul 13 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-1
+- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
+- Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization
+
+* Mon Jun 20 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.2-1
+- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
+- Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
+- Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
+- Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6
+- Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf
+- Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP
+- Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect
+- Resolves: rhbz#2098617 - Harden kerberos ticket validation
+- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol
+
+* Wed May 18 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.0-2
+- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
+- Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
+- Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
+- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
+- Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname()
+- Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd
+- Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
+- Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send
+- Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker
+- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol
+- Resolves: rhbz#2087745 - 2FA prompting setting ineffective
+- Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language
+
* Mon Jan 17 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-3
- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.