diff --git a/SOURCES/0028-cache_req-allow-cache_req-to-return-ERR_OFFLINE-if-a.patch b/SOURCES/0028-cache_req-allow-cache_req-to-return-ERR_OFFLINE-if-a.patch
new file mode 100644
index 0000000..dae8746
--- /dev/null
+++ b/SOURCES/0028-cache_req-allow-cache_req-to-return-ERR_OFFLINE-if-a.patch
@@ -0,0 +1,100 @@
+From 3f0ba4c2dcf9126b0f94bca4a056b516759d25c1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 6 Mar 2020 12:49:04 +0100
+Subject: [PATCH 13/18] cache_req: allow cache_req to return ERR_OFFLINE if all
+ dp request failed
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/responder/common/cache_req/cache_req.c | 13 +++++++++++++
+ src/responder/common/cache_req/cache_req.h | 4 ++++
+ src/responder/common/cache_req/cache_req_data.c | 12 ++++++++++++
+ src/responder/common/cache_req/cache_req_private.h | 3 +++
+ 4 files changed, 32 insertions(+)
+
+diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c
+index afb0e7cda..0c8538414 100644
+--- a/src/responder/common/cache_req/cache_req.c
++++ b/src/responder/common/cache_req/cache_req.c
+@@ -974,6 +974,13 @@ static void cache_req_search_domains_done(struct tevent_req *subreq)
+ case ERR_ID_OUTSIDE_RANGE:
+ case ENOENT:
+ if (state->check_next == false) {
++ if (state->cr->data->propogate_offline_status && !state->dp_success) {
++ /* Not found and data provider request failed so we were
++ * unable to fetch the data. */
++ ret = ERR_OFFLINE;
++ goto done;
++ }
++
+ /* Not found. */
+ ret = ENOENT;
+ goto done;
+@@ -1002,6 +1009,12 @@ done:
+ case EAGAIN:
+ break;
+ default:
++ if (ret == ENOENT && state->cr->data->propogate_offline_status
++ && !state->dp_success) {
++ /* Not found and data provider request failed so we were
++ * unable to fetch the data. */
++ ret = ERR_OFFLINE;
++ }
+ tevent_req_error(req, ret);
+ break;
+ }
+diff --git a/src/responder/common/cache_req/cache_req.h b/src/responder/common/cache_req/cache_req.h
+index 72d4abe5e..d36cb2d3b 100644
+--- a/src/responder/common/cache_req/cache_req.h
++++ b/src/responder/common/cache_req/cache_req.h
+@@ -171,6 +171,10 @@ void
+ cache_req_data_set_requested_domains(struct cache_req_data *data,
+ char **requested_domains);
+
++void
++cache_req_data_set_propogate_offline_status(struct cache_req_data *data,
++ bool propogate_offline_status);
++
+ enum cache_req_type
+ cache_req_data_get_type(struct cache_req_data *data);
+
+diff --git a/src/responder/common/cache_req/cache_req_data.c b/src/responder/common/cache_req/cache_req_data.c
+index 14c4ad14f..fe9f3db29 100644
+--- a/src/responder/common/cache_req/cache_req_data.c
++++ b/src/responder/common/cache_req/cache_req_data.c
+@@ -455,6 +455,18 @@ cache_req_data_set_requested_domains(struct cache_req_data *data,
+ data->requested_domains = requested_domains;
+ }
+
++void
++cache_req_data_set_propogate_offline_status(struct cache_req_data *data,
++ bool propogate_offline_status)
++{
++ if (data == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE, "cache_req_data should never be NULL\n");
++ return;
++ }
++
++ data->propogate_offline_status = propogate_offline_status;
++}
++
+ enum cache_req_type
+ cache_req_data_get_type(struct cache_req_data *data)
+ {
+diff --git a/src/responder/common/cache_req/cache_req_private.h b/src/responder/common/cache_req/cache_req_private.h
+index bfca688b9..2d52e7600 100644
+--- a/src/responder/common/cache_req/cache_req_private.h
++++ b/src/responder/common/cache_req/cache_req_private.h
+@@ -103,6 +103,9 @@ struct cache_req_data {
+
+ /* if set, only search in the listed domains */
+ char **requested_domains;
++
++ /* if set, ERR_OFFLINE is returned if data provider is offline */
++ bool propogate_offline_status;
+ };
+
+ struct tevent_req *
+--
+2.21.3
+
diff --git a/SOURCES/0029-autofs-return-ERR_OFFLINE-if-we-fail-to-get-informat.patch b/SOURCES/0029-autofs-return-ERR_OFFLINE-if-we-fail-to-get-informat.patch
new file mode 100644
index 0000000..f29ff36
--- /dev/null
+++ b/SOURCES/0029-autofs-return-ERR_OFFLINE-if-we-fail-to-get-informat.patch
@@ -0,0 +1,58 @@
+From e50258da70b67ff1b0f928e2e7875bc2fa32dfde Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 6 Mar 2020 13:12:46 +0100
+Subject: [PATCH 14/18] autofs: return ERR_OFFLINE if we fail to get
+ information from backend and cache is empty
+
+Resolves:
+https://github.com/SSSD/sssd/issues/3413
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ .../common/cache_req/plugins/cache_req_autofs_entry_by_name.c | 2 ++
+ .../common/cache_req/plugins/cache_req_autofs_map_by_name.c | 2 ++
+ .../common/cache_req/plugins/cache_req_autofs_map_entries.c | 2 ++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+index cb674add6..55c9fc8b0 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+@@ -142,6 +142,8 @@ cache_req_autofs_entry_by_name_send(TALLOC_CTX *mem_ctx,
+ return NULL;
+ }
+
++ cache_req_data_set_propogate_offline_status(data, true);
++
+ return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+index 3c08eaf4f..823eb3595 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+@@ -136,6 +136,8 @@ cache_req_autofs_map_by_name_send(TALLOC_CTX *mem_ctx,
+ return NULL;
+ }
+
++ cache_req_data_set_propogate_offline_status(data, true);
++
+ return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+index 1b5645fa0..3e47b1321 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+@@ -168,6 +168,8 @@ cache_req_autofs_map_entries_send(TALLOC_CTX *mem_ctx,
+ return NULL;
+ }
+
++ cache_req_data_set_propogate_offline_status(data, true);
++
+ return cache_req_steal_data_and_send(mem_ctx, ev, rctx, ncache,
+ cache_refresh_percent,
+ CACHE_REQ_POSIX_DOM, domain,
+--
+2.21.3
+
diff --git a/SOURCES/0030-autofs-translate-ERR_OFFLINE-to-EHOSTDOWN.patch b/SOURCES/0030-autofs-translate-ERR_OFFLINE-to-EHOSTDOWN.patch
new file mode 100644
index 0000000..c605483
--- /dev/null
+++ b/SOURCES/0030-autofs-translate-ERR_OFFLINE-to-EHOSTDOWN.patch
@@ -0,0 +1,51 @@
+From 9098108a7142513fa04afdf92a2c1b3ac002c56e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 6 Mar 2020 13:44:56 +0100
+Subject: [PATCH 15/18] autofs: translate ERR_OFFLINE to EHOSTDOWN
+
+So we do not publish internal error code.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/3413
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/sss_client/common.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/sss_client/common.c b/src/sss_client/common.c
+index 902438c86..d29332939 100644
+--- a/src/sss_client/common.c
++++ b/src/sss_client/common.c
+@@ -44,6 +44,7 @@
+ #define _(STRING) dgettext (PACKAGE, STRING)
+ #include "sss_cli.h"
+ #include "common_private.h"
++#include "util/util_errors.h"
+
+ #if HAVE_PTHREAD
+ #include <pthread.h>
+@@ -1054,9 +1055,17 @@ int sss_autofs_make_request(enum sss_cli_command cmd,
+ uint8_t **repbuf, size_t *replen,
+ int *errnop)
+ {
+- return sss_cli_make_request_with_checks(cmd, rd, SSS_CLI_SOCKET_TIMEOUT,
+- repbuf, replen, errnop,
+- SSS_AUTOFS_SOCKET_NAME);
++ enum sss_status status;
++
++ status = sss_cli_make_request_with_checks(cmd, rd, SSS_CLI_SOCKET_TIMEOUT,
++ repbuf, replen, errnop,
++ SSS_AUTOFS_SOCKET_NAME);
++
++ if (*errnop == ERR_OFFLINE) {
++ *errnop = EHOSTDOWN;
++ }
++
++ return status;
+ }
+
+ int sss_ssh_make_request(enum sss_cli_command cmd,
+--
+2.21.3
+
diff --git a/SOURCES/0031-autofs-disable-fast-reply.patch b/SOURCES/0031-autofs-disable-fast-reply.patch
new file mode 100644
index 0000000..8706aec
--- /dev/null
+++ b/SOURCES/0031-autofs-disable-fast-reply.patch
@@ -0,0 +1,61 @@
+From 34c519a4851194164befc150df8e768431e66405 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Tue, 22 Sep 2020 11:04:25 +0200
+Subject: [PATCH 16/18] autofs: disable fast reply
+
+If the backend is offline when autofs starts and reads auto.master map
+we don't want to wait 60 seconds before the offline flag is reset. We
+need to allow autofs to retry the call much sooner.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/3413
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ .../common/cache_req/plugins/cache_req_autofs_entry_by_name.c | 2 +-
+ .../common/cache_req/plugins/cache_req_autofs_map_by_name.c | 2 +-
+ .../common/cache_req/plugins/cache_req_autofs_map_entries.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+index 55c9fc8b0..cd2085187 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+@@ -84,7 +84,7 @@ cache_req_autofs_entry_by_name_dp_send(TALLOC_CTX *mem_ctx,
+
+ return sbus_call_dp_autofs_GetEntry_send(mem_ctx, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH,
+- DP_FAST_REPLY, data->name.name,
++ 0, data->name.name,
+ data->autofs_entry_name);
+ }
+
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+index 823eb3595..9d9bc3a97 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+@@ -81,7 +81,7 @@ cache_req_autofs_map_by_name_dp_send(TALLOC_CTX *mem_ctx,
+
+ return sbus_call_dp_autofs_GetMap_send(mem_ctx, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH,
+- DP_FAST_REPLY, data->name.name);
++ 0, data->name.name);
+ }
+
+ bool
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+index 3e47b1321..ee0156b6a 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+@@ -113,7 +113,7 @@ cache_req_autofs_map_entries_dp_send(TALLOC_CTX *mem_ctx,
+
+ return sbus_call_dp_autofs_Enumerate_send(mem_ctx, be_conn->conn,
+ be_conn->bus_name, SSS_BUS_PATH,
+- DP_FAST_REPLY, data->name.name);
++ 0, data->name.name);
+ }
+
+ bool
+--
+2.21.3
+
diff --git a/SOURCES/0032-autofs-correlate-errors-for-different-protocol-versi.patch b/SOURCES/0032-autofs-correlate-errors-for-different-protocol-versi.patch
new file mode 100644
index 0000000..9188a5e
--- /dev/null
+++ b/SOURCES/0032-autofs-correlate-errors-for-different-protocol-versi.patch
@@ -0,0 +1,168 @@
+From 8a22d4ad45f5fc8e888be693539495093c2b3c35 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Wed, 4 Nov 2020 14:20:10 +0100
+Subject: [PATCH 17/18] autofs: correlate errors for different protocol
+ versions
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/sss_client/autofs/autofs_test_client.c | 12 ++++++++
+ src/sss_client/autofs/sss_autofs.c | 35 +++++++++++++++++++---
+ src/sss_client/autofs/sss_autofs.exports | 9 +++---
+ src/sss_client/autofs/sss_autofs_private.h | 5 ++++
+ 4 files changed, 53 insertions(+), 8 deletions(-)
+
+diff --git a/src/sss_client/autofs/autofs_test_client.c b/src/sss_client/autofs/autofs_test_client.c
+index c5358233f..4b285151e 100644
+--- a/src/sss_client/autofs/autofs_test_client.c
++++ b/src/sss_client/autofs/autofs_test_client.c
+@@ -45,10 +45,14 @@ int main(int argc, const char *argv[])
+ char *value = NULL;
+ char *pc_key = NULL;
+ int pc_setent = 0;
++ int pc_protocol = 1;
++ unsigned int protocol;
++ unsigned int requested_protocol = 1;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ { "by-name", 'n', POPT_ARG_STRING, &pc_key, 0, "Request map by name", NULL },
+ { "only-setent", 's', POPT_ARG_VAL, &pc_setent, 1, "Run only setent, do not enumerate", NULL },
++ { "protocol", 'p', POPT_ARG_INT, &pc_protocol, 0, "Protocol version", NULL },
+ POPT_TABLEEND
+ };
+ poptContext pc = NULL;
+@@ -69,6 +73,14 @@ int main(int argc, const char *argv[])
+
+ poptFreeContext(pc);
+
++ requested_protocol = pc_protocol;
++ protocol = _sss_auto_protocol_version(requested_protocol);
++ if (protocol != requested_protocol) {
++ fprintf(stderr, "Unsupported protocol version: %d -> %d\n",
++ requested_protocol, protocol);
++ exit(EXIT_FAILURE);
++ }
++
+ ret = _sss_setautomntent(mapname, &ctx);
+ if (ret) {
+ fprintf(stderr, "setautomntent failed [%d]: %s\n",
+diff --git a/src/sss_client/autofs/sss_autofs.c b/src/sss_client/autofs/sss_autofs.c
+index 482ff2c40..ef27cf895 100644
+--- a/src/sss_client/autofs/sss_autofs.c
++++ b/src/sss_client/autofs/sss_autofs.c
+@@ -20,6 +20,7 @@
+
+ #include <errno.h>
+ #include <stdlib.h>
++#include <stdatomic.h>
+
+ #include "sss_client/autofs/sss_autofs_private.h"
+ #include "sss_client/sss_cli.h"
+@@ -33,6 +34,32 @@
+ /* How many entries shall _sss_getautomntent_r retrieve at once */
+ #define GETAUTOMNTENT_MAX_ENTRIES 512
+
++static atomic_uint _protocol = 0;
++
++unsigned int _sss_auto_protocol_version(unsigned int requested)
++{
++ switch (requested) {
++ case 0:
++ /* EHOSTDOWN will be translated to ENOENT */
++ _protocol = 0;
++ return 0;
++ default:
++ /* There is no other protocol version at this point. */
++ _protocol = 1;
++ return 1;
++ }
++}
++
++/* Returns correct errno based on autofs version expectations. */
++static errno_t errnop_to_errno(int errnop)
++{
++ if (errnop == EHOSTDOWN && _protocol == 0) {
++ return ENOENT;
++ }
++
++ return errnop;
++}
++
+ struct automtent {
+ char *mapname;
+ size_t cursor;
+@@ -93,7 +120,7 @@ _sss_setautomntent(const char *mapname, void **context)
+ &repbuf, &replen, &errnop);
+ if (ret != SSS_STATUS_SUCCESS) {
+ free(name);
+- ret = errnop;
++ ret = errnop_to_errno(errnop);
+ goto out;
+ }
+
+@@ -310,7 +337,7 @@ _sss_getautomntent_r(char **key, char **value, void *context)
+ &repbuf, &replen, &errnop);
+ free(data);
+ if (ret != SSS_STATUS_SUCCESS) {
+- ret = errnop;
++ ret = errnop_to_errno(errnop);
+ goto out;
+ }
+
+@@ -408,7 +435,7 @@ _sss_getautomntbyname_r(const char *key, char **value, void *context)
+ &repbuf, &replen, &errnop);
+ free(data);
+ if (ret != SSS_STATUS_SUCCESS) {
+- ret = errnop;
++ ret = errnop_to_errno(errnop);
+ goto out;
+ }
+
+@@ -467,7 +494,7 @@ _sss_endautomntent(void **context)
+ ret = sss_autofs_make_request(SSS_AUTOFS_ENDAUTOMNTENT,
+ NULL, NULL, NULL, &errnop);
+ if (ret != SSS_STATUS_SUCCESS) {
+- ret = errnop;
++ ret = errnop_to_errno(errnop);
+ goto out;
+ }
+
+diff --git a/src/sss_client/autofs/sss_autofs.exports b/src/sss_client/autofs/sss_autofs.exports
+index f9ce8f5b2..ec61f715e 100644
+--- a/src/sss_client/autofs/sss_autofs.exports
++++ b/src/sss_client/autofs/sss_autofs.exports
+@@ -2,10 +2,11 @@ EXPORTED {
+
+ # public functions
+ global:
+- _sss_setautomntent;
+- _sss_getautomntent_r;
+- _sss_getautomntbyname_r;
+- _sss_endautomntent;
++ _sss_auto_protocol_version;
++ _sss_setautomntent;
++ _sss_getautomntent_r;
++ _sss_getautomntbyname_r;
++ _sss_endautomntent;
+
+ # everything else is local
+ local:
+diff --git a/src/sss_client/autofs/sss_autofs_private.h b/src/sss_client/autofs/sss_autofs_private.h
+index 6459c1cc7..7fd49db1d 100644
+--- a/src/sss_client/autofs/sss_autofs_private.h
++++ b/src/sss_client/autofs/sss_autofs_private.h
+@@ -21,6 +21,11 @@
+ #include <errno.h>
+ #include "util/util.h"
+
++/**
++ * Choose an autofs protocol version to be used between autofs and sss_autofs.
++ */
++unsigned int _sss_auto_protocol_version(unsigned int requested);
++
+ /**
+ * Selects a map for processing.
+ */
+--
+2.21.3
+
diff --git a/SOURCES/0033-configure-check-for-stdatomic.h.patch b/SOURCES/0033-configure-check-for-stdatomic.h.patch
new file mode 100644
index 0000000..699c3f6
--- /dev/null
+++ b/SOURCES/0033-configure-check-for-stdatomic.h.patch
@@ -0,0 +1,28 @@
+From 075519bceca7a8f4fa28a0b7c538f2f50d552d13 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Thu, 26 Nov 2020 14:56:08 +0100
+Subject: [PATCH 18/18] configure: check for stdatomic.h
+
+Recent autofs patches adds dependency on automic_uint/_Atomic type from C11
+standard. This is supported in both gcc and clang for a long time now.
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ configure.ac | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configure.ac b/configure.ac
+index 1af1d1785..0d24c4b35 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -42,6 +42,7 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES])
+ AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
+
+ AC_CHECK_HEADERS(stdint.h dlfcn.h)
++AC_CHECK_HEADERS([stdatomic.h],,AC_MSG_ERROR([C11 atomic types are not supported]))
+ AC_CONFIG_HEADER(config.h)
+
+ AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
+--
+2.21.3
+
diff --git a/SOURCES/0034-cache_req-ignore-autofs-not-configured-error.patch b/SOURCES/0034-cache_req-ignore-autofs-not-configured-error.patch
new file mode 100644
index 0000000..5181137
--- /dev/null
+++ b/SOURCES/0034-cache_req-ignore-autofs-not-configured-error.patch
@@ -0,0 +1,131 @@
+From 2499bd145f566bfd73b8c7e284b910dd2b36c6d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 15 Jan 2021 12:04:38 +0100
+Subject: [PATCH] cache_req: ignore autofs not configured error
+
+Otherwise we return ERR_OFFLINE for domains where autofs provider is not
+set (such as implicit files domain) which is undesirable.
+
+Steps to reproduce:
+1. Enable implicit files domains and LDAP domain with autofs configured
+2. Setup NFS server to export `/exports` with `/exports/home/test`
+3. Add autofs mount points:
+```
+dn: ou=mount,dc=ldap,dc=vm
+ou: mount
+objectClass: organizationalUnit
+objectClass: top
+
+dn: nisMapName=auto.master,ou=mount,dc=ldap,dc=vm
+objectClass: nisMap
+objectClass: top
+nisMapName: auto.master
+
+dn: cn=/export/home,nisMapName=auto.master,ou=mount,dc=ldap,dc=vm
+objectClass: nisObject
+objectClass: top
+cn: /export/home
+nisMapEntry: auto.home
+nisMapName: auto.master
+
+dn: nisMapName=auto.home,ou=mount,dc=ldap,dc=vm
+objectClass: nisMap
+objectClass: top
+nisMapName: auto.home
+
+dn: cn=/,nisMapName=auto.home,ou=mount,dc=ldap,dc=vm
+objectClass: nisObject
+objectClass: top
+cn: /
+nisMapEntry: -fstype=nfs,rw master.ldap.vm:/export/home/&
+nisMapName: auto.home
+```
+4. Run SSSD and autofs
+5. cd to /exports/home/test
+
+The directory will not be mounted with the new autofs protocol. It
+will succeed with the old protocol. In both versions, you'll see
+that SSSD returned ERR_OFFLINE:
+
+```
+(2021-01-15 11:44:48): [be[implicit_files]] [sbus_issue_request_done] (0x0040): sssd.DataProvider.Autofs.GetEntry: Error [1432158215]: DP target is not configured
+...
+(2021-01-15 11:44:49): [autofs] [cache_req_search_cache] (0x0400): CR #3: Looking up [auto.home:test] in cache
+(2021-01-15 11:44:49): [autofs] [cache_req_search_cache] (0x0400): CR #3: Object [auto.home:test] was not found in cache
+(2021-01-15 11:44:49): [autofs] [cache_req_search_ncache_add_to_domain] (0x2000): CR #3: This request type does not support negative cache
+(2021-01-15 11:44:49): [autofs] [cache_req_process_result] (0x0400): CR #3: Finished: Error 1432158212: SSSD is offline
+```
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ .../cache_req/plugins/cache_req_autofs_entry_by_name.c | 10 +++++++++-
+ .../cache_req/plugins/cache_req_autofs_map_by_name.c | 10 +++++++++-
+ .../cache_req/plugins/cache_req_autofs_map_entries.c | 10 +++++++++-
+ 3 files changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+index cd2085187..f411fd351 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_entry_by_name.c
+@@ -92,7 +92,15 @@ bool
+ cache_req_autofs_entry_by_name_dp_recv(struct tevent_req *subreq,
+ struct cache_req *cr)
+ {
+- return sbus_call_dp_autofs_GetEntry_recv(subreq) == EOK;
++ errno_t ret;
++
++ ret = sbus_call_dp_autofs_GetEntry_recv(subreq);
++
++ if (ret == ERR_MISSING_DP_TARGET) {
++ ret = EOK;
++ }
++
++ return ret == EOK;
+ }
+
+ const struct cache_req_plugin cache_req_autofs_entry_by_name = {
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+index 9d9bc3a97..c22cf0c8e 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_by_name.c
+@@ -88,7 +88,15 @@ bool
+ cache_req_autofs_map_by_name_dp_recv(struct tevent_req *subreq,
+ struct cache_req *cr)
+ {
+- return sbus_call_dp_autofs_GetMap_recv(subreq) == EOK;
++ errno_t ret;
++
++ ret = sbus_call_dp_autofs_GetMap_recv(subreq);
++
++ if (ret == ERR_MISSING_DP_TARGET) {
++ ret = EOK;
++ }
++
++ return ret == EOK;
+ }
+
+ const struct cache_req_plugin cache_req_autofs_map_by_name = {
+diff --git a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+index ee0156b6a..4d9db6595 100644
+--- a/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
++++ b/src/responder/common/cache_req/plugins/cache_req_autofs_map_entries.c
+@@ -120,7 +120,15 @@ bool
+ cache_req_autofs_map_entries_dp_recv(struct tevent_req *subreq,
+ struct cache_req *cr)
+ {
+- return sbus_call_dp_autofs_Enumerate_recv(subreq) == EOK;
++ errno_t ret;
++
++ ret = sbus_call_dp_autofs_Enumerate_recv(subreq);
++
++ if (ret == ERR_MISSING_DP_TARGET) {
++ ret = EOK;
++ }
++
++ return ret == EOK;
+ }
+
+ const struct cache_req_plugin cache_req_autofs_map_entries = {
+--
+2.21.3
+
diff --git a/SOURCES/0035-simple-fix-memory-leak-while-reloading-lists.patch b/SOURCES/0035-simple-fix-memory-leak-while-reloading-lists.patch
new file mode 100644
index 0000000..5cd16fa
--- /dev/null
+++ b/SOURCES/0035-simple-fix-memory-leak-while-reloading-lists.patch
@@ -0,0 +1,100 @@
+From 19c2c641e669ee1c08d6706c132625dc30e64609 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 12 Jan 2021 16:40:56 +0100
+Subject: [PATCH] simple: fix memory leak while reloading lists
+
+The simple access provider will reload the access and deny lists at
+runtime to make sure that users and groups from domains which are
+discovered at runtime are properly processed.
+
+While reloading the lists the original lists are not freed and an
+intermediate list wasn't removed as well.
+
+Resolves: https://github.com/SSSD/sssd/issues/5456
+
+:fixes: Memory leak in the simple access provider
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/providers/simple/simple_access.c | 28 +++++++++++++++++++++-------
+ 1 file changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/src/providers/simple/simple_access.c b/src/providers/simple/simple_access.c
+index 1868569b1..49226adf2 100644
+--- a/src/providers/simple/simple_access.c
++++ b/src/providers/simple/simple_access.c
+@@ -117,17 +117,13 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
+ const char *name;
+ const char *option;
+ char **orig_list;
+- char ***ctx_list;
++ char **ctx_list;
+ } lists[] = {{"Allow users", CONFDB_SIMPLE_ALLOW_USERS, NULL, NULL},
+ {"Deny users", CONFDB_SIMPLE_DENY_USERS, NULL, NULL},
+ {"Allow groups", CONFDB_SIMPLE_ALLOW_GROUPS, NULL, NULL},
+ {"Deny groups", CONFDB_SIMPLE_DENY_GROUPS, NULL, NULL},
+ {NULL, NULL, NULL, NULL}};
+
+- lists[0].ctx_list = &ctx->allow_users;
+- lists[1].ctx_list = &ctx->deny_users;
+- lists[2].ctx_list = &ctx->allow_groups;
+- lists[3].ctx_list = &ctx->deny_groups;
+
+ ret = sysdb_master_domain_update(bectx->domain);
+ if (ret != EOK) {
+@@ -141,7 +137,6 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
+ lists[i].option, &lists[i].orig_list);
+ if (ret == ENOENT) {
+ DEBUG(SSSDBG_FUNC_DATA, "%s list is empty.\n", lists[i].name);
+- *lists[i].ctx_list = NULL;
+ continue;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "confdb_get_string_as_list failed.\n");
+@@ -149,7 +144,8 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
+ }
+
+ ret = simple_access_parse_names(ctx, bectx, lists[i].orig_list,
+- lists[i].ctx_list);
++ &lists[i].ctx_list);
++ talloc_free(lists[i].orig_list);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse %s list [%d]: %s\n",
+ lists[i].name, ret, sss_strerror(ret));
+@@ -157,6 +153,18 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
+ }
+ }
+
++ talloc_free(ctx->allow_users);
++ ctx->allow_users = talloc_steal(ctx, lists[0].ctx_list);
++
++ talloc_free(ctx->deny_users);
++ ctx->deny_users = talloc_steal(ctx, lists[1].ctx_list);
++
++ talloc_free(ctx->allow_groups);
++ ctx->allow_groups = talloc_steal(ctx, lists[2].ctx_list);
++
++ talloc_free(ctx->deny_groups);
++ ctx->deny_groups = talloc_steal(ctx, lists[3].ctx_list);
++
+ if (!ctx->allow_users &&
+ !ctx->allow_groups &&
+ !ctx->deny_users &&
+@@ -165,9 +173,15 @@ int simple_access_obtain_filter_lists(struct simple_ctx *ctx)
+ "No rules supplied for simple access provider. "
+ "Access will be granted for all users.\n");
+ }
++
++
+ return EOK;
+
+ failed:
++ for (i = 0; lists[i].name != NULL; i++) {
++ talloc_free(lists[i].ctx_list);
++ }
++
+ return ret;
+ }
+
+--
+2.21.3
+
diff --git a/SOURCES/0036-SBUS-do-not-try-to-del-non-existing-sender.patch b/SOURCES/0036-SBUS-do-not-try-to-del-non-existing-sender.patch
new file mode 100644
index 0000000..d432682
--- /dev/null
+++ b/SOURCES/0036-SBUS-do-not-try-to-del-non-existing-sender.patch
@@ -0,0 +1,38 @@
+From bdf461c7577c458d7b2a785b2007c0ccae73e3f7 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Mon, 11 Jan 2021 18:28:02 +0100
+Subject: [PATCH] SBUS: do not try to del non existing sender
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://github.com/SSSD/sssd/issues/5425
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/sbus/request/sbus_request_sender.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/sbus/request/sbus_request_sender.c b/src/sbus/request/sbus_request_sender.c
+index cecb188b0..39cdec064 100644
+--- a/src/sbus/request/sbus_request_sender.c
++++ b/src/sbus/request/sbus_request_sender.c
+@@ -101,10 +101,11 @@ void
+ sbus_senders_delete(hash_table_t *table,
+ const char *name)
+ {
+- DEBUG(SSSDBG_TRACE_INTERNAL, "Removing identity of sender [%s]\n",
+- name);
+-
+- sss_ptr_hash_delete(table, name, true);
++ if (sss_ptr_hash_has_key(table, name)) {
++ DEBUG(SSSDBG_TRACE_INTERNAL, "Removing identity of sender [%s]\n",
++ name);
++ sss_ptr_hash_delete(table, name, true);
++ }
+ }
+
+ errno_t
+--
+2.21.3
+
diff --git a/SOURCES/0037-pamsrv_gssapi-fix-implicit-conversion-warning.patch b/SOURCES/0037-pamsrv_gssapi-fix-implicit-conversion-warning.patch
new file mode 100644
index 0000000..cb06e15
--- /dev/null
+++ b/SOURCES/0037-pamsrv_gssapi-fix-implicit-conversion-warning.patch
@@ -0,0 +1,34 @@
+From c0ae6d34ff7c170ca0e6d0faa8a2daf9a77becb7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 8 Jan 2021 14:00:47 +0100
+Subject: [PATCH] pamsrv_gssapi: fix implicit conversion warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+src/responder/pam/pamsrv_gssapi.c: In function ‘pam_cmd_gssapi_sec_ctx’:
+src/responder/pam/pamsrv_gssapi.c:716:64: error: implicit conversion from ‘enum sss_domain_type’ to ‘enum cache_req_dom_type’ [-Werror=enum-conversion]
+ 716 | cli_ctx->rctx->ncache, 0, DOM_TYPE_POSIX,
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/responder/pam/pamsrv_gssapi.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/responder/pam/pamsrv_gssapi.c b/src/responder/pam/pamsrv_gssapi.c
+index 099675e1c..2d05c7888 100644
+--- a/src/responder/pam/pamsrv_gssapi.c
++++ b/src/responder/pam/pamsrv_gssapi.c
+@@ -713,7 +713,8 @@ pam_cmd_gssapi_sec_ctx(struct cli_ctx *cli_ctx)
+ DEBUG(SSSDBG_TRACE_FUNC, "Checking that target user matches UPN\n");
+
+ req = cache_req_user_by_upn_send(cli_ctx, cli_ctx->ev, cli_ctx->rctx,
+- cli_ctx->rctx->ncache, 0, DOM_TYPE_POSIX,
++ cli_ctx->rctx->ncache, 0,
++ CACHE_REQ_POSIX_DOM,
+ domain->name, state->authenticated_upn);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
+--
+2.21.3
+
diff --git a/SOURCES/0038-gssapi-default-pam_gssapi_services-to-NULL-in-domain.patch b/SOURCES/0038-gssapi-default-pam_gssapi_services-to-NULL-in-domain.patch
new file mode 100644
index 0000000..d4ea08c
--- /dev/null
+++ b/SOURCES/0038-gssapi-default-pam_gssapi_services-to-NULL-in-domain.patch
@@ -0,0 +1,34 @@
+From cc173629f30fbc885ee90e52a205554b118e0ee6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Mon, 11 Jan 2021 13:11:39 +0100
+Subject: [PATCH 38/39] gssapi: default pam_gssapi_services to NULL in domain
+ section
+
+We need to distinguish when the option is not set in domain section and when
+it is is explicitly disabled. Now if it is not set, domain->gssapi_services
+is NULL and we'll use value from the pam section.
+
+Without this change, the value in the pam section is ignored.
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/confdb/confdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index 2881ce5da..befcfff2d 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -1582,7 +1582,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+ }
+
+ tmp = ldb_msg_find_attr_as_string(res->msgs[0], CONFDB_PAM_GSSAPI_SERVICES,
+- "-");
++ NULL);
+ if (tmp != NULL) {
+ ret = split_on_separator(domain, tmp, ',', true, true,
+ &domain->gssapi_services, NULL);
+--
+2.21.3
+
diff --git a/SOURCES/0039-pam_sss_gssapi-fix-coverity-issues.patch b/SOURCES/0039-pam_sss_gssapi-fix-coverity-issues.patch
new file mode 100644
index 0000000..cd37baf
--- /dev/null
+++ b/SOURCES/0039-pam_sss_gssapi-fix-coverity-issues.patch
@@ -0,0 +1,133 @@
+From 111b8b4d62a4fe192c075e6f6bfacb408e6074b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Tue, 12 Jan 2021 13:50:11 +0100
+Subject: [PATCH 39/39] pam_sss_gssapi: fix coverity issues
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+```
+1. Defect type: RESOURCE_LEAK
+7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:556: leaked_storage: Variable "username" going out of scope leaks the storage it points to.
+Expand
+2. Defect type: RESOURCE_LEAK
+3. sssd-2.4.0/src/sss_client/pam_sss_gss.c:321: leaked_storage: Variable "reply" going out of scope leaks the storage it points to.
+Expand
+3. Defect type: RESOURCE_LEAK
+7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "username" going out of scope leaks the storage it points to.
+Expand
+4. Defect type: RESOURCE_LEAK
+6. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "upn" going out of scope leaks the storage it points to.
+Expand
+5. Defect type: RESOURCE_LEAK
+7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "target" going out of scope leaks the storage it points to.
+Expand
+6. Defect type: RESOURCE_LEAK
+7. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260: leaked_storage: Variable "domain" going out of scope leaks the storage it points to.
+
+1. Defect type: CLANG_WARNING
+1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'username'
+Expand
+2. Defect type: CLANG_WARNING
+1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'upn'
+Expand
+3. Defect type: CLANG_WARNING
+1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'target'
+Expand
+4. Defect type: CLANG_WARNING
+1. sssd-2.4.0/src/sss_client/pam_sss_gss.c:260:16: warning[unix.Malloc]: Potential leak of memory pointed to by 'domain'
+```
+
+Also fix compilation warning
+```
+../src/sss_client/pam_sss_gss.c:339:5: warning: ‘reply’ may be used uninitialized in this function [-Wmaybe-uninitialized]
+ 339 | free(reply);
+ | ^~~~~~~~~~~
+../src/sss_client/pam_sss_gss.c:328:14: note: ‘reply’ was declared here
+ 328 | uint8_t *reply;
+ | ^~~~~
+../src/sss_client/pam_sss_gss.c:270:11: warning: ‘reply_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
+ 270 | upn = malloc(reply_len * sizeof(char));
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+../src/sss_client/pam_sss_gss.c:327:12: note: ‘reply_len’ was declared here
+ 327 | size_t reply_len;
+ | ^~~~~~~~~
+```
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/sss_client/pam_sss_gss.c | 22 ++++++++++++++++++----
+ 1 file changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c
+index cd38db7da..51be36ece 100644
+--- a/src/sss_client/pam_sss_gss.c
++++ b/src/sss_client/pam_sss_gss.c
+@@ -195,6 +195,8 @@ static errno_t sssd_gssapi_init_send(pam_handle_t *pamh,
+ struct sss_cli_req_data req_data;
+ size_t service_len;
+ size_t user_len;
++ size_t reply_len;
++ uint8_t *reply = NULL;
+ uint8_t *data;
+ errno_t ret;
+ int ret_errno;
+@@ -217,7 +219,7 @@ static errno_t sssd_gssapi_init_send(pam_handle_t *pamh,
+
+ req_data.data = data;
+
+- ret = sss_pam_make_request(SSS_GSSAPI_INIT, &req_data, _reply, _reply_len,
++ ret = sss_pam_make_request(SSS_GSSAPI_INIT, &req_data, &reply, &reply_len,
+ &ret_errno);
+ free(data);
+ if (ret != PAM_SUCCESS) {
+@@ -233,6 +235,16 @@ static errno_t sssd_gssapi_init_send(pam_handle_t *pamh,
+ return (ret_errno != EOK) ? ret_errno : EIO;
+ }
+
++ if (ret_errno == EOK) {
++ *_reply = reply;
++ *_reply_len = reply_len;
++ } else {
++ /* We got PAM_SUCCESS therefore the communication with SSSD was
++ * successful and we have received a reply buffer. We just don't care
++ * about it, we are only interested in the error code. */
++ free(reply);
++ }
++
+ return ret_errno;
+ }
+
+@@ -257,7 +269,8 @@ static errno_t sssd_gssapi_init_recv(uint8_t *reply,
+ target = malloc(reply_len * sizeof(char));
+ upn = malloc(reply_len * sizeof(char));
+ if (username == NULL || domain == NULL || target == NULL || upn == NULL) {
+- return ENOMEM;
++ ret = ENOMEM;
++ goto done;
+ }
+
+ buf = (const char*)reply;
+@@ -311,8 +324,8 @@ static errno_t sssd_gssapi_init(pam_handle_t *pamh,
+ char **_target,
+ char **_upn)
+ {
+- size_t reply_len;
+- uint8_t *reply;
++ size_t reply_len = 0;
++ uint8_t *reply = NULL;
+ errno_t ret;
+
+ ret = sssd_gssapi_init_send(pamh, pam_service, pam_user, &reply,
+@@ -549,6 +562,7 @@ int pam_sm_authenticate(pam_handle_t *pamh,
+
+ done:
+ sss_pam_close_fd();
++ free(username);
+ free(domain);
+ free(target);
+ free(upn);
+--
+2.21.3
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index a05bfb9..ebb7edc 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -26,7 +26,7 @@
Name: sssd
Version: 2.4.0
-Release: 5%{?dist}
+Release: 6%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
License: GPLv3+
@@ -61,6 +61,18 @@ Patch0024: 0024-pam-fix-typo-in-debug-message.patch
Patch0025: 0025-pam-add-pam_gssapi_services-option.patch
Patch0026: 0026-pam-add-pam_gssapi_check_upn-option.patch
Patch0027: 0027-pam-add-pam_sss_gss-module-for-gssapi-authentication.patch
+Patch0028: 0028-cache_req-allow-cache_req-to-return-ERR_OFFLINE-if-a.patch
+Patch0029: 0029-autofs-return-ERR_OFFLINE-if-we-fail-to-get-informat.patch
+Patch0030: 0030-autofs-translate-ERR_OFFLINE-to-EHOSTDOWN.patch
+Patch0031: 0031-autofs-disable-fast-reply.patch
+Patch0032: 0032-autofs-correlate-errors-for-different-protocol-versi.patch
+Patch0033: 0033-configure-check-for-stdatomic.h.patch
+Patch0034: 0034-cache_req-ignore-autofs-not-configured-error.patch
+Patch0035: 0035-simple-fix-memory-leak-while-reloading-lists.patch
+Patch0036: 0036-SBUS-do-not-try-to-del-non-existing-sender.patch
+Patch0037: 0037-pamsrv_gssapi-fix-implicit-conversion-warning.patch
+Patch0038: 0038-gssapi-default-pam_gssapi_services-to-NULL-in-domain.patch
+Patch0039: 0039-pam_sss_gssapi-fix-coverity-issues.patch
### Downstream Patches ###
@@ -1236,6 +1248,12 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so
%changelog
+* Mon Jan 18 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-6
+- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched
+- Resolves: rhbz#1915395 - Memory leak in the simple access provider
+- Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup
+- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)
+
* Mon Dec 28 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-5
- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches)