sssd.git/src/tools, branch srvbackport sssd with jhrozek's patches TOOLS: Compile on old platforms such as RHEL5 2013-02-11T14:45:10+00:00 Ondrej Kos okos@redhat.com 2013-02-11T11:59:01+00:00 f5bb0ff1c3c59cf77bd7bb7e84cadcc68bef445e Provides compatible declarations for modern file management functions such as futimens or opening with the O_CLOEXEC flag 
Provides compatible declarations for modern file management functions
such as futimens or opening with the O_CLOEXEC flag
TOOLS: Use file descriptor to avoid races when creating a home directory 2013-02-11T14:45:10+00:00 Ondrej Kos okos@redhat.com 2013-02-07T10:26:45+00:00 f03094b1950325fd0d7f59fd626ac3d34ce56731 When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory
permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.

This security problem was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782
TOOLS: Use openat/unlinkat when removing the homedir 2013-02-11T14:45:10+00:00 Jakub Hrozek jhrozek@redhat.com 2012-12-12T18:02:33+00:00 9ec97a7502739c4966b5f3eb9d6b6ed282cf954b The removal of a home directory is sensitive to concurrent modification of the directory tree being removed and can unlink files outside the directory tree. This security issue was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 
The removal of a home directory is sensitive to concurrent modification
of the directory tree being removed and can unlink files outside the
directory tree.

This security issue was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782
Replace system() function with fork and execl call. 2011-07-05T12:02:21+00:00 Matthew Ife matthew.ife@airattack-central.com 2011-07-01T18:27:24+00:00 a0253cca6c0961a22c64a319915dc2fdad10caea This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com> 
This is much more selinux friendly as it allows policy makers to call
nscd_domtrans to transition to nscd_t instead of giving more access to
the system via the corcmd_exec_bin macro.

Modified-by: Simo Sorce <ssorce@redhat.com>

Signed-off-by: Simo Sorce <ssorce@redhat.com>
sss_obfuscate: abort on ctrl+c 2011-03-24T18:14:02+00:00 Stephen Gallagher sgallagh@redhat.com 2011-03-24T14:57:08+00:00 6718eb8bc04df52cd475c7659831d9f549b9cf2e There is a python bug (http://bugs.python.org/issue11236) where getpass.getpass() does not throw KeyboardInterrupt on ctrl+c. This workaround is the closest we can get: if we detect the control character in the string that we read, we'll cancel. 
There is a python bug (http://bugs.python.org/issue11236) where
getpass.getpass() does not throw KeyboardInterrupt on ctrl+c. This
workaround is the closest we can get: if we detect the control
character in the string that we read, we'll cancel.
sss_obfuscate: Avoid traceback on ctrl+d 2011-03-24T18:14:02+00:00 Stephen Gallagher sgallagh@redhat.com 2011-03-24T14:54:34+00:00 7c4d48633bc3bee025a996df888f998317651ec1 






removing password option functionality
2011-02-03T17:18:33+00:00

Gowrishankar Rajaiyan
gsr@redhat.com

2011-02-02T13:48:10+00:00

63c93f17961ce33e525af915ebb9c530db1cccc8












Gracefully handle permission errors in sss_obfuscate
2011-02-03T17:17:52+00:00

Stephen Gallagher
sgallagh@redhat.com

2011-02-01T21:16:18+00:00

026f55b3494e3c01203f263fd699c91219cde5d6












Make the domain argument mandatory in sss_obfuscate
2011-02-03T17:17:48+00:00

Stephen Gallagher
sgallagh@redhat.com

2011-02-01T21:10:19+00:00

ce695425d92fb528ad7e5364fd375b2ddc47e352

It doesn't make sense to set a "default" domain. We should require
that the domain always be specified.





It doesn't make sense to set a "default" domain. We should require
that the domain always be specified.







Fix usability of sss_obfuscate command
2011-01-17T17:19:00+00:00

Stephen Gallagher
sgallagh@redhat.com

2011-01-17T15:31:52+00:00

8d00718b943ab8b326320feb50820f0663031817