[sssd PR#5541][opened] nss client: make innetgr() thread safe
by sumit-bose
URL: https://github.com/SSSD/sssd/pull/5541
Author: sumit-bose
Title: #5541: nss client: make innetgr() thread safe
Action: opened
PR body:
"""
The innetgr() call is expected to be thread safe but SSSD's the current
implementation isn't. In glibc innetgr() is implementend by calling the
setnetgrent(), getnetgrent(), endgrent() sequence with a private context
(struct __netgrent) with provides a member where NSS modules can store data
between the calls.
With this patch setnetgrent() will read all required data from the NSS
responder and store it in the data member of the __netgrent struct.
Upcoming getnetgrent() calls will only operate on the stored data and not
connect to the NSS responder anymore. endgrent() will free the data. Since
the netgroup data is read in a single request to the NSS responder
protected by a mutex and stored in private context of innetgr() this call
is now thread-safe.
Resolves: https://github.com/SSSD/sssd/issues/5540
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5541/head:pr5541
git checkout pr5541
3 years
[sssd PR#5435][opened] whitespace_test: fix exclusion of debian directory
by deastoe
URL: https://github.com/SSSD/sssd/pull/5435
Author: deastoe
Title: #5435: whitespace_test: fix exclusion of debian directory
Action: opened
PR body:
"""
These tests are supposed to ignore trailing whitespace in files in
the debian directory. However this is not the case with the current
exclude pattern and usage of `git grep`.
Use --full-name with `git grep` to ensure its output is always
relative to the repository root, rather than the current directory.
Additionally remove the leading slash from the exclude pattern as
this will never match the output.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5435/head:pr5435
git checkout pr5435
3 years
[sssd PR#5542][opened] nss client: make innetgr() thread safe
by sumit-bose
URL: https://github.com/SSSD/sssd/pull/5542
Author: sumit-bose
Title: #5542: nss client: make innetgr() thread safe
Action: opened
PR body:
"""
The innetgr() call is expected to be thread safe but SSSD's the current
implementation isn't. In glibc innetgr() is implementend by calling the
setnetgrent(), getnetgrent(), endgrent() sequence with a private context
(struct __netgrent) with provides a member where NSS modules can store data
between the calls.
With this patch setnetgrent() will open a new connection to the NSS
responder and stores the file descriptor in the data member of
__netgrent struct so that the following getnetgrent() and endgrent() will
use the same connection. Since the NSS responder stores the netgroup
lookups related data in a per connection context and a new thread will open
a new connection the implementation is thread safe.
Resolves: https://github.com/SSSD/sssd/issues/5540
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5542/head:pr5542
git checkout pr5542
3 years
[sssd PR#5532][opened] Handle ldap_install_tls() configuration and retrial
by ikerexxe
URL: https://github.com/SSSD/sssd/pull/5532
Author: ikerexxe
Title: #5532: Handle ldap_install_tls() configuration and retrial
Action: opened
PR body:
"""
Configure socket options when calling ldap_install_tls() to avoid hitting
EINTR during connect. Set the communication to asynchronous. This
configuration can't be applied for the connection part, which has to be
always blocking. On top of that set the network timeout to
ldap_opt_timeout option, to decrease the possibility of triggering a
timeout error when polling.
If the call to ldap_install_tls() fails with EINTR, retry it again.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5532/head:pr5532
git checkout pr5532
3 years
[sssd PR#5529][opened] AD: read trusted domains from local domain as well
by sumit-bose
URL: https://github.com/SSSD/sssd/pull/5529
Author: sumit-bose
Title: #5529: AD: read trusted domains from local domain as well
Action: opened
PR body:
"""
Currently SSSD only uses information stored in a domain controller of
the forest root domain to get the names of other trusted domains in the
forest. Depending on how the forest was created the forest root might
not have LDAP objects for all domains in the forest. It looks like a
typical case are child domains of other domains in the forest.
As a start SSSD can now include trusted domains stored in the LDAP tree
of a local domain controller as well. In a long run it would make sense
to allow SSSD to explicitly search for domain by looking up DNS entries
and checking a potential domain controller with a CLDAP ping.
Resolves: https://github.com/SSSD/sssd/issues/5528
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5529/head:pr5529
git checkout pr5529
3 years