Announcing ding-libs 0.6.1
by Michal Židek
A new version of ding-libs (0.6.1) was released today!
ding-libs, or "Ding is not GLib" is a a set of helpful libraries used by
projects such as SSSD or gss-proxy.
The tarball can be downloaded from:
https://releases.pagure.org/SSSD/ding-libs/
MD5 sum is:
141ffba92d7703b7efc2595971305de7
== Highlights ==
* libini: Length of values in INI files is no longer limited to
PATH_MAX. The current limit is the amount of memory getline is
able to allocate.
== Note for distribution packagers ==
* API and ABI is backward compatible with last release (0.6.0)
== Detailed Changelog ==
Alexander Scheel (8):
Fix build with TRACE_LEVEL
Document use of basic regex in ini_config_augment
INI: Fix ini_config parsing SEGVs
INI: Tests for section/key name collisions
INI: Prevent null return_cfg during augment
INI: Add INI_MS_DETECT merge notifications
INI: Extend INI_MS_DETECT to be non-exclusive
INI: Test INI_MS_DETECT non-exclusive behavior
Lukas Slebodnik (10):
BUILD: Fix linking of ini_augment_ut_check
INI: Fix usage of buiddir in ini_augment_ut_check
INI: Fix memory leaks in unit test test_ini_augment_empty_dir
DHASH: Suppress gcc7 warning
INI: Fix warning Walloc-size-larger-than
Do not define _GNU_SOURCE
COLLECTION: Remove unused macros
INI: Fix doxygen comment for ini_errobj_create
COLLECTION: Fix misused comma
DHASH: Do not use c99 structure initialisation
Michal Židek (9):
ini_augment: Use full path when reporting pattern mismatch
DHASH: Add check based unit test
GIT: Add commit template
INI: Unit test for augmentation with empty dir
INI: do not use readdir_r
INI: Allow longer values then PATH_MAX
INI: Add test for long values
Bump version info
Update versions before 0.6.1 release
Philip Prindeville (1):
DHASH: Add new key type HASH_KEY_CONST_STRING
5 years, 4 months
[sssd PR#389][opened] sssd_client: add mutex protected call to the PAC responder
by sumit-bose
URL: https://github.com/SSSD/sssd/pull/389
Author: sumit-bose
Title: #389: sssd_client: add mutex protected call to the PAC responder
Action: opened
PR body:
"""
SSSD's plugin for MIT Kerberos to send the PAC to the PAC responder
currently uses sss_pac_make_request() which does not protect the
communication with the PAC responder with a mutex as e.g. the NSS and
PAM clients.
If an application using threads loads this plugin via libkrb5 in
different threads and is heavily processing Kerberos tickets with PACs
chances are that two threads try to communicate with SSSD at once. In
this case one of the threads will miss a reply and will wait for it
until the default client timeout of 300s is passed.
This patch adds a call which uses a mutex to protect the communication
which will avoid the 300s delay mentioned above.
Resolves https://pagure.io/SSSD/sssd/issue/3518
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/389/head:pr389
git checkout pr389
5 years, 4 months
1.13.5 release?
by Jakub Hrozek
Hi,
Timo mentioned last week on IRC that he would appreciate if we released
1.13.5.
Does anyone have some patches to merge in sssd-1-13 or can we release
the tarball?
I know there are some pending PRs with backports and some patches for RHEL-6
bugs were proposed in bugzilla.redhat.com, but there are already quite a
few patches on top of 1.13.4 so I would prefer to release the tarball now
and then, around the time of RHEL-6.10 development freeze, release 1.13.6.
Thoughts?
5 years, 4 months
[sssd PR#332][opened] sydb: index improvements
by sumit-bose
URL: https://github.com/SSSD/sssd/pull/332
Author: sumit-bose
Title: #332: sydb: index improvements
Action: opened
PR body:
"""
This patch first adds some missing attributes to the index. The most
important one here is 'ghost' which is used in the backed during group
lookups.
Additionally the index for one-level searches @IDXONE is removed. One
level searches were only used in a few places and are replace by this
patch with sub-tree searches. The main reason for the removal is that
maintaining the index is quite costly because it is basically a single
huge blob in the underlying tdb database.
Finally this patch removes the index on the objectClass attribute and
adds a new index on an new attribute called objectCategory which is used
instead of objectClass for all objects expect user and group. Typically
user and group searches are done by name or ID attributes which are more
specific then objectClass. And since most of the objects in the cache
will be users and groups a search for all users or groups will be near
to a full database search so that the index won't help much in this case
either. The reason for removing it are the costs to manage it when there
are many users or groups.
Due to the index changes some search results are returned in different
order. I updated the related tests so that the checks do not depend on a
specific order anymore.
If 'LDB_WARN_UNINDEXED=1' is set in /etc/sysconfig/sssd full database
searches are indicated with a 'ldb FULL SEARCH: ...' debug message.
Since there are no extra costs we might want to enable this by default
with a certain debug level.
Currently there are two types of un-indexed searches. Searches with
'(distinguishedName=*)' in the filter are related to sub-tree deletes
and '(dataExpireTimestamp<=...)' are related to refresh and cleanup
tasks. Please note that '<=' and sub-string searches cannot be indexed.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/332/head:pr332
git checkout pr332
5 years, 4 months
