URL: https://github.com/SSSD/sssd/pull/175
Author: lslebodn
Title: #175: Add module for starting services
Action: opened
PR body:
"""
This is a WIP version of reducing code duplication in our cwrap integration tests.
I am still not sure whether we should also reuse function `create_sssd_fixture`.
And if yes; then probably in different nodule then `services`
And comments are welcome.
BTW I wrote patches few weeks ago; therefore new tests are not converted.
I am just sending patches to get some feedback.
Site effect of this patches is that tests are cca 20% faster (IIRC)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/175/head:pr175
git checkout pr175
URL: https://github.com/SSSD/sssd/pull/269
Author: NWilson
Title: #269: Add support for ActiveDirectory's logonHours restrictions
Action: opened
PR body:
"""
This is a straightforward patch for denying access to a user when the user is not permitted to access their account due to logonHours restrictions.
This matches the default behaviour for domain-joined Windows machines. When outside the logonHours, all types of authentication are denied (password/Kerberos/certificate) - so it is appropriate to put this check inside the PAM "account" rules.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/269/head:pr269
git checkout pr269
URL: https://github.com/SSSD/sssd/pull/578
Author: amitkumar50
Title: #578: proxy: proxy_child hardening
Action: opened
PR body:
"""
proxy_child will call chdir("/"), umask(022)
and reset the environment with clearenv().
The --domain argument to be sanitized.
Resolves: https://pagure.io/SSSD/sssd/issue/2689
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/578/head:pr578
git checkout pr578
URL: https://github.com/SSSD/sssd/pull/596
Author: amitkumar50
Title: #596: [CONFDB]:[RFE] Add "enabled" option to domain section
Action: opened
PR body:
"""
Upstream Request:
Instead of enabling domains using the "domains" option in [sssd]
section we could have [domain/*] option "enabled". This would allow
admins to configure and enable domain in the same snippet file.
This Fix would be submitted in 2 patches:
Patch-1(This Patch):
- Introduces 'enabled' option in domain section
- Introduces 'CONFDB_DOMAIN_ENABLED' variable to retrieve enabled value
from confdb
- Code to call start_service() routine only for domains having enabled=1
Patch-2(Upcoming):
- Would remove 'domains' option from sssd section.
- Would remove corresponding code to parse 'domains' option
- Providing a check that atlest One domain have enabled option set.
Resolves: https://pagure.io/SSSD/sssd/issue/3735
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/596/head:pr596
git checkout pr596
URL: https://github.com/SSSD/sssd/pull/132
Author: fidencio
Title: #132: Add "Wants=" to sssd unit and avoid PAC responder to be always running
Action: opened
PR body:
"""
The first patch changes the current logic of having the services' sockets disabled by default as it adds a "Wants=" to the sssd unit file, making all the services' sockets enabled by the moment sssd service is enabled.
The second patch takes advantage of the first patch and avoids running PAC responder in case its socket is active, leaving the service to be socket-activated when needed.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/132/head:pr132
git checkout pr132
URL: https://github.com/SSSD/sssd/pull/558
Author: jhrozek
Title: #558: WIP: Add a test for sss_nss_getgrouplist_timeout and fix invalidating the initgroups cache
Action: opened
PR body:
"""
This is a WIP on adding tests for the sss_nss_ex interface. I covered only the sss_nss_getgrouplist_timeout function so far.
I'm submitting the PR already in this state to get some feedback if this
coverage is enough and the other functions can be covered similarly or
if there is some issue with this approach.
Also, I found a bug in invalidating the initgroups memory cache, that's
the first of the two patches. Here I'm really not sure if the fix is even
how the issue should be fixed, so I just hacked something up, even without
allocation checks etc.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/558/head:pr558
git checkout pr558
URL: https://github.com/SSSD/sssd/pull/390
Author: mzidek-rh
Title: #390: NSS: Add option to disable memcache
Action: opened
PR body:
"""
Added option use_memcache to centrally disable memcache
for all clients without the need to specify SSS_NSS_USE_MEMCACHE=NO
environment variable.
Resolves:
https://pagure.io/SSSD/sssd/issue/3496
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/390/head:pr390
git checkout pr390
URL: https://github.com/SSSD/sssd/pull/560
Author: ChrisKowalczyk
Title: #560: NSS: close files after mmap
Action: opened
PR body:
"""
The files in MC cache folder were initialized by SSSD on startup, and mapped by using mmap function. due to the fact that they weren't closed afterwards, their File descriptors were still marker alive but marked as 'Deleted'.
This was noticed by a customer of SUSE, see more details here: https://bugzilla.suse.com/show_bug.cgi?id=1080156
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/560/head:pr560
git checkout pr560