URL: https://github.com/SSSD/sssd/pull/202
Author: celestian
Title: #202: T3315 infopipe group users master
Action: opened
PR body:
"""
Reproducer is:
```
# PREPARING
ipa user-add --first=Test --last=User --email=u1(a)test-domain.sssd test_user
ipa group-add test_group
# REPRODUCER
systemctl daemon-reload
sudo su -c "truncate -s0 /var/log/sssd/*.log"
sudo su -c "rm -f /var/lib/sss/db/*"
sudo su -c "rm -f /var/lib/sss/mc/*"
sudo systemctl restart sssd.service
ipa group-add-member --users=test_user test_group
sss_cache -UG
getent group test_group
# getent show user test_user in test_group, but dbus call doesn't:
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Groups \
org.freedesktop.sssd.infopipe.Groups.FindByName \
string:test_group
# command above returns <RESULT_OBJECT>
# We need to update group in cache because method "org.freedesktop.DBus.Properties.GetAll"
# doesn't update records (<-- this should be better commented)
dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
<RESULT_OBJECT> \
org.freedesktop.sssd.infopipe.Groups.Group.UpdateMemberList
# --> this call doesn't work without patch "IFP: Parse ghost name in Group.UpdateMemberList"
# after this call group is updated in cache and we can call:
dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe \
<RESULT_OBJECT> \
org.freedesktop.DBus.Properties.GetAll \
string:"org.freedesktop.sssd.infopipe.Groups.Group"
# We expect test_user in result users array.
# CLEANING
ipa group-del test_group
ipa user-del test_user
```
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/202/head:pr202
git checkout pr202
URL: https://github.com/SSSD/sssd/pull/189
Author: justin-stephenson
Title: #189: SELINUX: Use getseuserbyname to get IPA seuser
Action: opened
PR body:
"""
Retrieve SELinux username utilizing libselinux API as a more reliable method than libsemanage calls and remove get_seuser function which is no longer needed.
Resolves:
https://pagure.io/SSSD/sssd/issue/3308
Tested on IPA client with:
- running `semanage login -d testuser`
- login as **testuser** and check `/var/log/sssd/selinux_child.log`
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/189/head:pr189
git checkout pr189
URL: https://github.com/SSSD/sssd/pull/208
Author: celestian
Title: #208: IFP: Filter with * in Users.ListByName method
Action: opened
PR body:
"""
This patch fixed asterisk in filter of Users.ListByName method.
Resolves:
https://pagure.io/SSSD/sssd/issue/3305
How to test
```
# We have sssd configured and there are some users
# Wee need also ifp service enabled in sssd.conf
# Restart sssd
systemctl daemon-reload
sudo su -c "truncate -s0 /var/log/sssd/*.log"
sudo su -c "rm -f /var/lib/sss/db/*"
sudo su -c "rm -f /var/lib/sss/mc/*"
sudo systemctl restart sssd.service
sudo su -c "truncate -s0 /var/log/sssd/*.log"
# It will return users (without patch, it will crash).
dbus-send --system --print-reply --dest=org.freedesktop.sssd.infopipe \
/org/freedesktop/sssd/infopipe/Users \
org.freedesktop.sssd.infopipe.Users.ListByName \
string:"*" uint32:"100"
```
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/208/head:pr208
git checkout pr208
URL: https://github.com/SSSD/sssd/pull/136
Author: spbnick
Title: #136: Tlog integration WIP
Action: opened
PR body:
"""
@lslebodn, @pbrezina, this is the work-in-progress tlog integration patchset I'd like to work on with you.
This is not for merging as it is. We can go over it when we meet :)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/136/head:pr136
git checkout pr136
URL: https://github.com/SSSD/sssd/pull/309
Author: jhrozek
Title: #309: HBAC: Do not rely on originalMemberOf, use the sysdb memberof links instead (sssd-1-13 backprot)
Action: opened
PR body:
"""
This is a backport of the same fix we merged earlier.
The IPA HBAC code used to read the group members from the
originalMemberOf attribute value for performance reasons. However,
especially on IPA clients trusting an AD domain, the originalMemberOf
attribute value is often not synchronized correctly.
Instead of going through the work of maintaining both member/memberOf
and originalMemberOf, let's just do an ASQ search for the group names of
the groups the user is a member of in the cache and read their
SYSBD_NAME attribute.
To avoid clashing between similarly-named groups in IPA and in AD, we
look at the container of the group.
Resolves:
https://pagure.io/SSSD/sssd/issue/3382
(cherry picked from commit c92e49144978ad3b6c9fffa8803ebdad8f6f5b18)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/309/head:pr309
git checkout pr309
URL: https://github.com/SSSD/sssd/pull/32
Author: fidencio
Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138
Action: opened
PR body:
"""
This patch series is intended to solve #3138 by adding a new service
that updates the confdb. As part of the series this service is used by
secrets service.
I only ran CI locally and the two secrets tests have been failing. /o\
Also, I've noticed some weird behavior, where the sssd-update-confdb
service starts for apparently no reason, when upgrading fedora
packages.
Anyways, these pieces of code really need some detailed review as it
was the first time I've been "seriously" playing with TEvent requests.
So, please, consider it more like an RFC than a well finished and
polished code.
Best Regards,
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/32/head:pr32
git checkout pr32
URL: https://github.com/SSSD/sssd/pull/244
Author: lslebodn
Title: #244: KCM: Modify krb5 snippet file kcm_default_ccache
Action: opened
PR body:
"""
The file kcm_default_ccache must enable KCM ccache by default
without any modification of the file.
The patch also fixes few issues.
* /etc/krb5.conf.d is fedora/el7 specific and therefore should not
be created by make. File will be installed to $datadir/sssd-kcm by
default
* /etc/krb5.conf.d/ should not be owned by sssd-kcm because it is owned
by dependency of sssd-kcm (krb5-libs)
sh$ rpm -qf /etc/krb5.conf.d/
sssd-kcm-1.15.3-0.20170411.0929.gitdbeae4834.fc26.x86_64
krb5-libs-1.15.1-7.fc26.x86_64
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/244/head:pr244
git checkout pr244
URL: https://github.com/SSSD/sssd/pull/181
Author: jhrozek
Title: #181: README.md: Point to our releases on pagure
Action: opened
PR body:
"""
Since the README.md is more or less what the wiki front page used to be,
it makes sense, especially for Github users, to point to our releases
from README.md
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/181/head:pr181
git checkout pr181
URL: https://github.com/SSSD/sssd/pull/171
Author: jhrozek
Title: #171: Make our readme.md a bit more user-friendly and add a note about filing bugs
Action: opened
PR body:
"""
None
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/171/head:pr171
git checkout pr171
URL: https://github.com/SSSD/sssd/pull/265
Author: fidencio
Title: #265: Test for issue #3391 (sss_override doesn't work with files provider)
Action: opened
PR body:
"""
This patch includes the test for overriden user using files provider and it's expected to fail till we have a fix for issue #3391.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/265/head:pr265
git checkout pr265