URL: https://github.com/SSSD/sssd/pull/560
Author: ChrisKowalczyk
Title: #560: NSS: close files after mmap
Action: opened
PR body:
"""
The files in MC cache folder were initialized by SSSD on startup, and mapped by using mmap function. due to the fact that they weren't closed afterwards, their File descriptors were still marker alive but marked as 'Deleted'.
This was noticed by a customer of SUSE, see more details here: https://bugzilla.suse.com/show_bug.cgi?id=1080156
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/560/head:pr560
git checkout pr560
URL: https://github.com/SSSD/sssd/pull/541
Author: pbrezina
Title: #541: memberof: keep memberOf attribute for nested member
Action: opened
PR body:
"""
If we have a member that is both direct and nested member,
memberOf attribute was removed if the direct membership
was deleted.
1)
user ----------> groupB -> groupC
-> groupA /
2)
user -> groupA -> groupB -> groupC
If we remove user->groupB from 1), we get 2) but groupB was still
removed from user memberOf attribute.
Resolves:
https://pagure.io/SSSD/sssd/issue/3636
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/541/head:pr541
git checkout pr541
URL: https://github.com/SSSD/sssd/pull/644
Author: joeFischetti
Title: #644: When multiple UIDs exist, use the username provided by the user as the first lookup
Action: opened
PR body:
"""
The current state of the code has no way of determining the "correct" UID to use when there are multiple values. If there are multiple values, and the RDN doesn't match, this update checks the UID's returned against the username that was provided by the user at the prompt. If that matches, it's used. If that doesn't match, it falls back to the existing code.
Example:
My ldap record includes multiple uid values, ["genericemployee1", "itstaff1"]
I need access to machines as "itstaff1". "genericemployee1" is used as an identifier in other systems/services.
If I log in with "itstaff1" at the prompt, and my ldap lookup with filter (uid=itstaff1) is successful, the array of UID's are checked against "itstaff1" and that's what *_primary is set to.
With the current code, if I try to log in with "itstaff1" at the prompt, I'm actually logged into the system as "genericemployee1". Based on the order that the values are returned... some other staff are logged into their "genericemployee" or the "itstaff" accounts.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/644/head:pr644
git checkout pr644
URL: https://github.com/SSSD/sssd/pull/413
Author: sumit-bose
Title: #413: mmap_cache: add SID and type to struct sss_mc_rec
Action: opened
PR body:
"""
This patchset updates the memory cache by adding some new members to struct
sss_mc_rec. One is the addition of a hash value for SID based lookup which will
be added in later patches.
The other is a new record type and a member indicating the type. The new type
is a link record which links an alias name, e.g. an UPN, to the original record
of the related user or group object.
Besides aliases this link record will be used in case in-sensitive setups. E.g.
if getpwnam() returns the name of an AD users as Administrator(a)ad.domain bit
some applications or users use administrator(a)ad.domain for lookups the memory
cache is currently never used because there is no entry with the hash of
'administrator(a)ad.domain'. With this patch the original data record is created
as before with the hash for 'Administrator(a)ad.domain' and a link record is
create with the hash of 'administrator(a)ad.domain'. Now both lookups can be
handled by the memory cache. If now another application uses
ADMINISTRATOR(a)AD.DOMAIN for lookups the first request will go to the NSS
responder but upcoming requests can use the memory cache as well because a link
record for ADMINISTRATOR(a)AD.DOMAIN is created.
The last patch in this series adds some additional data to the user and group
lookup requests, the short name, the domain name, the short domain name and the
SID. Those are needed to be able to support SID based lookups in the memory
cache and allow applications to not depend on the name format returned by
getpw{nam|uid}. Upcoming patches for libsss_nss_idmap will make those
additional values available to applications I added them already here to keep
the memory cache related changes in one PR. Application which will benefit here
are the interfaces SSSD provides e.g. to Samba related applications like SSSD's
version of libwbclient but also IPA plugins like extdom and slapi-nis.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/413/head:pr413
git checkout pr413
URL: https://github.com/SSSD/sssd/pull/642
Author: mrniranjan
Title: #642: TESTS: Fixes to test library and add new test case for kcm.
Action: opened
PR body:
"""
Fixes related to enabling of ssl in Directory Server
Minor fixes on KCM, adding new exceptions
Adding a new test case to test ssh login with KCM as default
Signed-off-by: Niranjan M.R <mrniranjan(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/642/head:pr642
git checkout pr642
URL: https://github.com/SSSD/sssd/pull/643
Author: jhrozek
Title: #643: KCM: Don't error out if creating a new ID as the first step
Action: opened
PR body:
"""
We need to handle the case where the nextID operation is ran, but the secdb
is totally empty, otherwise logins with sssd's krb5_child would fail.
Resolves: https://pagure.io/SSSD/sssd/issue/3815
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/643/head:pr643
git checkout pr643
URL: https://github.com/SSSD/sssd/pull/641
Author: mrniranjan
Title: #641: Minor fixes related to converting of ldap attributes to bytes
Action: opened
PR body:
"""
Minor fixes related to converting attribute values to bytes
in function related to adding posix group
Signed-off-by: Niranjan M.R <mrniranjan(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/641/head:pr641
git checkout pr641