URL: https://github.com/SSSD/sssd/pull/821
Author: thalman
Title: #821: SERVER: Receiving SIGSEGV process on shutdown
Action: opened
PR body:
"""
There is a race condition when dynamic libraries are unloaded. The talloc
library calls our destructors, but they still need openssl calls,
which might not be available.
The solution is to explicitly free the memory context and trigger
the destructors before calling exit().
The first commit seems to fix the issue, but consider a similar way of freeing
resources in the kerberos and ldap providers in the other two commits.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1672584
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/821/head:pr821
git checkout pr821
URL: https://github.com/SSSD/sssd/pull/820
Author: pbrezina
Title: #820: ad: delete domains disabled through ad_enabled_domains from cache
Action: opened
PR body:
"""
Steps to reproduce:
1. Have at least one subdomain in ad domain (e.g. child.ad.vm is subdomain of ad.vm).
2. Enable all domains, set ad_enabled_domains =
[ad.vm]
...
ad_enabled_domains =
3. Look up 'administrator@child.ad.vm'
$ id administrator@child.ad.vm
uid=1678800500(administrator@child.ad.vm) ...
4. Disable the subdomain by setting 'ad_enabled_domains = ad.vm'
5. Restart sssd without clearing the cache
6. A request for *@child.ad.vm will go to the data provider and try to look up the user in the child.ad.vm domain, which will yield 'domain not found'. However, if the user is cached, it will return the user.
$ id administrator@child.ad.vm
uid=1678800500(administrator@child.ad.vm) ...
Subdomains that are not root domains are removed from cache. Root domains are
disabled in sysdb with new `enabled` attribute.
Resolves:
https://pagure.io/SSSD/sssd/issue/4009
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/820/head:pr820
git checkout pr820
URL: https://github.com/SSSD/sssd/pull/705
Author: jhrozek
Title: #705: KCM: Add configurable quotas
Action: opened
PR body:
"""
This PR adds several patches that let the user configure quotas to store
their ccaches.
Please see the commit messages, I hope they are verbose enough. One thing
that should be pointed out is that the global number of ccaches is explicitly
unlimited. Does anyone see an issue with just enforcing the per-UID limits?
An upcoming PR(s) would implement a warning when the quota is being exceeded
and an sssctl command to let the administrator display the quota taken.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/705/head:pr705
git checkout pr705
URL: https://github.com/SSSD/sssd/pull/825
Author: thalman
Title: #825: CONFDB: Files domain if activated without .conf
Action: opened
PR body:
"""
The implicit files domain gets activated when no sssd.conf is present
and sssd is started. This does not respect the --disable-files-domain
configure option.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1713352
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/825/head:pr825
git checkout pr825
URL: https://github.com/SSSD/sssd/pull/796
Author: pbrezina
Title: #796: ci: enable sssd-ci for 1-16 branch
Action: opened
PR body:
"""
Fedora 28 is the latest version containing 1.16 so I think it is fine
to not run the test against Fedora 29+. Besides this change this patch
contains files from master without change.
(including PR 793 that is not yet merged)
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/796/head:pr796
git checkout pr796
URL: https://github.com/SSSD/sssd/pull/812
Author: jhrozek
Title: #812: Implement background refresh for IPA and AD domains and subdomains
Action: opened
PR body:
"""
This PR refactors the existing background refresh task to be more extendable,
splits out the account handlers of IPA and AD providers into tevent requests
which are finally reused by new ipa_refresh and ad_refresh modules.
The refreshes are done in batches so that we don't starve out other requests
or even invoke the watchdog.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/812/head:pr812
git checkout pr812
URL: https://github.com/SSSD/sssd/pull/835
Author: thalman
Title: #835: LDAP: failover does not work on non-responsive ldaps
Action: opened
PR body:
"""
In case ldaps:// is used, then establishing the secure socket is
a synchronous operation. If there's nothing on the other end, then
the process would be stuck waiting for the crypto library
to finish.
Here we set socket read/write timeout so the operation can finish
in reasonable time with an error. The ldap_network_timeout
option is used for this timeout.
Resolves:
https://pagure.io/SSSD/sssd/issue/2878
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/835/head:pr835
git checkout pr835
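
The socket-timeout approach described in PR #835, as an added example that is not code from the PR or from SSSD: a read that would otherwise block forever on a silent peer returns with an error once SO_RCVTIMEO expires. The names set_io_timeout and read_from_silent_peer are hypothetical, and a socketpair stands in for an ldaps server that accepts the connection but never answers; in the PR the timeout value comes from ldap_network_timeout.

```c
#include <errno.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not SSSD's function): bound every blocking read
 * and write on fd, including those a TLS library issues in a handshake. */
int set_io_timeout(int fd, int seconds)
{
    struct timeval tv = { .tv_sec = seconds, .tv_usec = 0 };

    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) != 0)
        return errno;
    if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)) != 0)
        return errno;
    return 0;
}

/* Constructed stand-in for a non-responsive ldaps server: the far end of
 * a socketpair is connected but never writes, so recv() blocks the way a
 * synchronous handshake would. Returns recv()'s errno (0 if data arrived)
 * and stores the seconds spent waiting in *elapsed. */
int read_from_silent_peer(int timeout_sec, double *elapsed)
{
    int sv[2], err;
    char buf[16];
    struct timeval t0, t1;

    *elapsed = 0.0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return errno;
    err = set_io_timeout(sv[0], timeout_sec);
    if (err == 0) {
        gettimeofday(&t0, NULL);
        ssize_t n = recv(sv[0], buf, sizeof(buf), 0);
        err = (n < 0) ? errno : 0;
        gettimeofday(&t1, NULL);
        *elapsed = (t1.tv_sec - t0.tv_sec) + (t1.tv_usec - t0.tv_usec) / 1e6;
    }
    close(sv[0]);
    close(sv[1]);
    return err;
}
```

A timeout of 0 means "no timeout" for SO_RCVTIMEO and SO_SNDTIMEO, so a caller that maps a configuration option onto these socket options has to treat 0 as a special case.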