sssd.git/src/providers/krb5, branch misc sssd with jhrozek's patches KRB5_CHILD: More restrictive umask 2015-11-05T15:07:51+00:00 Petr Cech pcech@redhat.com 2015-10-07T12:57:15+00:00 fb75e886c2f203fe8c10e572cd4d8c635941678d We could use more restrictive umask in krb5_child. I found out that there is directory creation, but it is done by create_ccache_dir() which has its own umask setup. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
We could use more restrictive umask in krb5_child. I found out that
there is directory creation, but it is done by create_ccache_dir()
which has its own umask setup.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
FO: Use refcount to keep track of servers returned to callers 2015-10-23T08:21:13+00:00 Jakub Hrozek jhrozek@redhat.com 2015-10-11T13:34:44+00:00 10c07e188323a2f9824b5e34379f3b1a9b37759e Resolves: https://fedorahosted.org/sssd/ticket/2829 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
    https://fedorahosted.org/sssd/ticket/2829

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK) 2015-10-14T11:27:13+00:00 Petr Cech pcech@redhat.com 2015-10-05T14:12:36+00:00 f8e337540d280f944098cd4dd7d670e2f7166b54 There are many calls of umask function with 077 argument. This patch add new constant SSS_DFL_X_UMASK which stands fot 077. So all occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
There are many calls of umask function with 077 argument. This patch
add new constant SSS_DFL_X_UMASK which stands fot 077. So all
occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
KRB5: Offline operation with disabled domain 2015-09-21T15:04:07+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-02T13:53:34+00:00 dd0a21738e1b71940bba11134734b5999e9fd8e9 https://fedorahosted.org/sssd/ticket/2637 If a subdomain is in the disabled state, switch krb5_child operation into offline mode. Similarly, instead of marking the whole back end as offline, mark just the domain as offline -- depending on the domain type, this would mark the whole back end or just inactivate subdomain. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
https://fedorahosted.org/sssd/ticket/2637

If a subdomain is in the disabled state, switch krb5_child operation
into offline mode.

Similarly, instead of marking the whole back end as offline, mark just
the domain as offline -- depending on the domain type, this would mark
the whole back end or just inactivate subdomain.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
sssd: incorrect checks on length values during packet decoding 2015-08-31T16:34:26+00:00 Michal Židek mzidek@redhat.com 2015-07-22T14:35:35+00:00 9f0bffebd070115ab47a92eadc6890a721c7b78d https://fedorahosted.org/sssd/ticket/1697 It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. Reviewed-by: Petr Cech <pcech@redhat.com> 
https://fedorahosted.org/sssd/ticket/1697

It is safer to isolate the checked (unknown/untrusted)
value on the left hand side in the conditions
to avoid overflows/underflows.

Reviewed-by: Petr Cech <pcech@redhat.com>
KRB5: Use sss_unique_file when creating kdcinfo files 2015-08-17T13:22:08+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-12T10:59:08+00:00 df07d54f881e6210c9cb6650de5617e6a99602b9 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
KRB5: Use sss_unique file in krb5_child 2015-08-17T13:22:00+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-12T10:56:14+00:00 f5db13d4462faa531c9924181f0fd51364647e2d In krb5_child, we intentionally don' set the owner of the temporary file, because we're not renaming it to a 'stable' name, but rather directly using it as the ccache. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
In krb5_child, we intentionally don' set the owner of the temporary
file, because we're not renaming it to a 'stable' name, but rather
directly using it as the ccache.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
krb5: assume online state if KDC proxy is configured 2015-08-05T12:10:24+00:00 Sumit Bose sbose@redhat.com 2015-07-31T09:06:54+00:00 67c68b563e1afc409aeadbcc828f9bdf33c57c84 If a KDC proxy is configured a request in the KRB5 provider will assume online state even if the backend is offline without changing the state of the backend. Resolves https://fedorahosted.org/sssd/ticket/2700 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
If a KDC proxy is configured a request in the KRB5 provider will assume
online state even if the backend is offline without changing the state
of the backend.

Resolves https://fedorahosted.org/sssd/ticket/2700

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
krb5: do not create kdcinfo file if proxy configuration exists 2015-08-05T12:10:16+00:00 Sumit Bose sbose@redhat.com 2015-07-31T09:05:48+00:00 05ed6a29cbd3cbec177364487a2afeade51d6546 Resolves https://fedorahosted.org/sssd/ticket/2652 Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves https://fedorahosted.org/sssd/ticket/2652

Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
KRB5: Do not try to remove missing ccache 2015-08-05T09:44:05+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-07-13T10:41:42+00:00 e693e9c67e0b4c5b38ba7ce7d04f718b2da2e2d0 There was a misleading debug message in krb5_child [[sssd[krb5_child[16629]]]] [get_and_save_tgt] (0x0080): Failed to remove old ccache file [(null)], please remove it manually. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
There was a misleading debug message in krb5_child
[[sssd[krb5_child[16629]]]] [get_and_save_tgt]
    (0x0080): Failed to remove old ccache file [(null)],
              please remove it manually.

Reviewed-by: Pavel Reichl <preichl@redhat.com>