sssd-devel July 2018

sssd-devel@lists.fedorahosted.org

3 participants
38 discussions

[sssd PR#560][opened] NSS: close files after mmap
by ChrisKowalczyk 17 Sep '19

17 Sep '19

URL: https://github.com/SSSD/sssd/pull/560 Author: ChrisKowalczyk Title: #560: NSS: close files after mmap Action: opened PR body: """ The files in MC cache folder were initialized by SSSD on startup, and mapped by using mmap function. due to the fact that they weren't closed afterwards, their File descriptors were still marker alive but marked as 'Deleted'. This was noticed by a customer of SUSE, see more details here: https://bugzilla.suse.com/show_bug.cgi?id=1080156 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/560/head:pr560 git checkout pr560

6 12

[sssd PR#541][opened] memberof: keep memberOf attribute for nested member
by pbrezina 08 Apr '19

08 Apr '19

URL: https://github.com/SSSD/sssd/pull/541 Author: pbrezina Title: #541: memberof: keep memberOf attribute for nested member Action: opened PR body: """ If we have a member that is both direct and nested member, memberOf attribute was removed if the direct membership was deleted. 1) user ----------> groupB -> groupC -> groupA / 2) user -> groupA -> groupB -> groupC If we remove user->groupB from 1), we get 2) but groupB was still removed from user memberOf attribute. Resolves: https://pagure.io/SSSD/sssd/issue/3636 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/541/head:pr541 git checkout pr541

3 16

[sssd PR#413][opened] mmap_cache: add SID and type to struct sss_mc_rec
by sumit-bose 16 Oct '18

16 Oct '18

URL: https://github.com/SSSD/sssd/pull/413 Author: sumit-bose Title: #413: mmap_cache: add SID and type to struct sss_mc_rec Action: opened PR body: """ This patchset updates the memory cache by adding some new members to struct sss_mc_rec. One is the addition of a hash value for SID based lookup which will be added in later patches. The other is a new record type and a member indicating the type. The new type is a link record which links an alias name, e.g. an UPN, to the original record of the related user or group object. Besides aliases this link record will be used in case in-sensitive setups. E.g. if getpwnam() returns the name of an AD users as Administrator(a)ad.domain bit some applications or users use administrator(a)ad.domain for lookups the memory cache is currently never used because there is no entry with the hash of 'administrator(a)ad.domain'. With this patch the original data record is created as before with the hash for 'Administrator(a)ad.domain' and a link record is create with the hash of 'administrator(a)ad.domain'. Now both lookups can be handled by the memory cache. If now another application uses ADMINISTRATOR(a)AD.DOMAIN for lookups the first request will go to the NSS responder but upcoming requests can use the memory cache as well because a link record for ADMINISTRATOR(a)AD.DOMAIN is created. The last patch in this series adds some additional data to the user and group lookup requests, the short name, the domain name, the short domain name and the SID. Those are needed to be able to support SID based lookups in the memory cache and allow applications to not depend on the name format returned by getpw{nam|uid}. Upcoming patches for libsss_nss_idmap will make those additional values available to applications I added them already here to keep the memory cache related changes in one PR. Application which will benefit here are the interfaces SSSD provides e.g. to Samba related applications like SSSD's version of libwbclient but also IPA plugins like extdom and slapi-nis. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/413/head:pr413 git checkout pr413

3 5

[sssd PR#611][opened] Do not build the local provider by default
by fidencio 13 Aug '18

13 Aug '18

URL: https://github.com/SSSD/sssd/pull/611 Author: fidencio Title: #611: Do not build the local provider by default Action: opened PR body: """ Folks, This series is the first attempt to avoid building the local provider by default. With we only build it conditionally and the default is set to not build it. The problems: - integration tests depend on the local provider: For this, I've changed our configure line, specifying to enable the local provider; - some unit tests depend on local provider: I've changed some tests (please, take a careful look at those in order to be sure I'm not invalidating the tests) and worked them around so they're still valid with both scenarios (building or not building the local provider); My **personal** preference would be to start using the **files** provider in our tests instead of using the "local" one. However, I've faced some issues related to the amount of users being find in some sysdb tests (ping me, we can discuss this either here or in the #sssd channel) (maybe because it also finds the local users/groups created on my machine?). Again, this is a first attempt, let's discuss improvements needed :-) """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/611/head:pr611 git checkout pr611

3 31

[sssd PR#397][opened] cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS
by amitkumar50 13 Aug '18

13 Aug '18

URL: https://github.com/SSSD/sssd/pull/397 Author: amitkumar50 Title: #397: cleanup: Remove CONFDB_DOMAIN_LEGACY_PASS Action: opened PR body: """ Since CONFDB_DOMAIN_LEGACY_PASS is legacy parameter that is rooted in pre-1.0 SSSD. We should just nuke it as we remove other legacy code. Resolves: https://pagure.io/SSSD/sssd/issue/3530 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/397/head:pr397 git checkout pr397

5 24

[sssd PR#601][opened] sbus: integrate sssd with sbus2
by pbrezina 13 Aug '18

13 Aug '18

URL: https://github.com/SSSD/sssd/pull/601 Author: pbrezina Title: #601: sbus: integrate sssd with sbus2 Action: opened PR body: """ Hi folks, this is a really large patch set and I have now idea how to review it. I know that Jakub tried to review the proof of concept, but he have not managed to finish it so far. It is not in human power to review it all so hard testing should be done. I consider the code itself and the integration with sssd finished. I will push only bug fixes and review issues now. This first version does not run through make check so far because some tests needs to be altered, this however does not prevent manual testing and reviewing. I tried to make the changes small at first while running old and new sbus in parallel, but it was too hard as the changes were too much interconnected. Therefore each patch modifies one area, but completely and sssd will not build. There are new libraries, each in pair. Each pair consist of asynchronous (used inside sssd) and synchronous (used inside tools; sssctl) versions of API. - libsss_sbus, libsss_sbus_sync: sbus interface - libsss_iface, libsss_iface_sync: internal sssd interface, used for internal communication - libifp_iface, libifp_iface_sync: infopipe interface At this point, changes are mostly one to one. We still have separate server for monitor and backends. We still do not use signals, even though it is possible. I will file separate tickets with ideas how to improve our api further and we can work together after this patch set is tested and merged. I did my best with manual testing but I doubt I run all the scenarious. Especially, I want to ask @sbose to test ifp smartcard API and @fidencio to test Fleet Commander integration (the one dbus call in ipa code). Thank you. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/601/head:pr601 git checkout pr601

3 36

[sssd PR#620][opened] Add pam_cert_pam_services option
by abbra 13 Aug '18

13 Aug '18

URL: https://github.com/SSSD/sssd/pull/620 Author: abbra Title: #620: Add pam_cert_pam_services option Action: opened PR body: """ Allow customizing which PAM services are allowed to perform smartcard authentication. Fixes: https://pagure.io/SSSD/sssd/issue/3775 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/620/head:pr620 git checkout pr620

4 13

[sssd PR#624][opened] Fix "test-find-uid" and "find_uid-tests" tests
by stanislavlevin 13 Aug '18

13 Aug '18

URL: https://github.com/SSSD/sssd/pull/624 Author: stanislavlevin Title: #624: Fix "test-find-uid" and "find_uid-tests" tests Action: opened PR body: """ Handle a "hidepid=1" mount option for procfs. One of the affects - this option makes impermissible non own pid subdirectories on /proc. Resolves: https://pagure.io/SSSD/sssd/issue/3789 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/624/head:pr624 git checkout pr624

4 11

[sssd PR#614][opened] nss_protocol_fill_initgr: skip incomplete groups instead of bailing out
by asheplyakov 09 Aug '18

09 Aug '18

URL: https://github.com/SSSD/sssd/pull/614 Author: asheplyakov Title: #614: nss_protocol_fill_initgr: skip incomplete groups instead of bailing out Action: opened PR body: """ Suppose the user U is a member of (AD) groups D1\A, D1\B, D2\X, and no domain controllers in the domain D2 can be reached at the moment (and there are no cached info). As of now initgroups won't assign any groups at all. To improve the behavior skip the incomplete groups so initgroup assigns at least some groups (D1\A, D1\B in the above example). """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/614/head:pr614 git checkout pr614

4 20

[sssd PR#618][opened] Add an option to only print the host keys for sss_ssh_knownhostsproxy
by fidencio 31 Jul '18

31 Jul '18

URL: https://github.com/SSSD/sssd/pull/618 Author: fidencio Title: #618: Add an option to only print the host keys for sss_ssh_knownhostsproxy Action: opened PR body: """ Please, check the patchset. Resolves: https://pagure.io/SSSD/sssd/issue/3542 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/618/head:pr618 git checkout pr618

2 11

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

sssd-devel July 2018