sssd.git/src, branch simo_ccname sssd with jhrozek's patches krb5: Replace type-specific ccache/principal check 2013-08-30T05:00:33+00:00 Simo Sorce simo@redhat.com 2013-08-30T04:58:24+00:00 4b1e4af6b7d2e86f3bfaccba07acc9beb44b3182 Instead of having duplicate functions that are type custom use a signle common function that also performs access to the cache as the user owner, implicitly validating correctness of ownership. Resolves: https://fedorahosted.org/sssd/ticket/2061 
Instead of having duplicate functions that are type custom use a signle common
function that also performs access to the cache as the user owner, implicitly
validating correctness of ownership.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
krb5: Use krb5_cc_destroy to remove old ccaches 2013-08-29T03:36:50+00:00 Simo Sorce simo@redhat.com 2013-08-29T03:18:37+00:00 be894d65471bb6de25623f01a02c606a20b76468 This completely replaces the per-ccache-type custom code to remove old cacches and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as the user owner. Resolves: https://fedorahosted.org/sssd/ticket/2061 
This completely replaces the per-ccache-type custom code to remove old cacches
and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as
the user owner.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
krb5: Add helper to destroy ccache as user 2013-08-29T02:28:35+00:00 Simo Sorce simo@redhat.com 2013-08-29T02:12:07+00:00 c0b30b30d087cfa1051b86c432fdbda8c03e9f9d This function safely destroy a ccache given a cache name and user crdentials. It becomes the user so no possible races can compromise the system, then uses libkrb5 functions to properly destroy a ccache, independently of the cache type. Finally restores the original credentials after closing the ccache handlers. Resolves: https://fedorahosted.org/sssd/ticket/2061 
This function safely destroy a ccache given a cache name and user crdentials.
It becomes the user so no possible races can compromise the system, then
uses libkrb5 functions to properly destroy a ccache, independently of the
cache type.
Finally restores the original credentials after closing the ccache handlers.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
krb5: Add calls to change and restore credentials 2013-08-29T02:17:12+00:00 Simo Sorce simo@redhat.com 2013-08-29T01:19:32+00:00 44a9fd23f1da009e03f60e4d297a5e1d51caa533 In some cases we want to temporarily assume user credentials but allow the process to regain back the original credentials (normally regaining uid 0). Related: https://fedorahosted.org/sssd/ticket/2061 
In some cases we want to temporarily assume user credentials but allow the
process to regain back the original credentials (normally regaining uid 0).

Related:
https://fedorahosted.org/sssd/ticket/2061
Updating translations for the 1.11.0 release 2013-08-28T20:40:00+00:00 Jakub Hrozek jhrozek@redhat.com 2013-08-28T20:40:00+00:00 a9228ebcce14888b3123bdf46e610e0900bcd2cc 






IPA_HBAC: Explicitelly include header file time.h
2013-08-28T20:02:49+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-08-28T06:31:18+00:00

7ef1ff8673668c5254db9194a125f58755e2d2b1

struct hbac_eval_req is defined in header file and it has attribute
request_time with type time_t, but header file "time.h" was not included.
It was not problem, because time.h was indirectly included by stdlib.h
(stdlib.h -> sys/types.h -> time.h) in implementation files,
but other platforms can have other dependencies among header files.





struct hbac_eval_req is defined in header file and it has attribute
request_time with type time_t, but header file "time.h" was not included.
It was not problem, because time.h was indirectly included by stdlib.h
(stdlib.h -> sys/types.h -> time.h) in implementation files,
but other platforms can have other dependencies among header files.







MEMBEROF: Remove temporary workaround
2013-08-28T20:02:49+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-08-28T06:31:18+00:00

47d35b3d6b0e1023c8dcdbc8371d6f3ca762dfe4












UTIL: Explicitly include header file sys/socket.h
2013-08-28T20:02:49+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-08-28T06:31:17+00:00

9d54fa809d7bf1b647e50081958ef33456c591bf

We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly incuded by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can
have other dependencies among header files.





We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly incuded by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can
have other dependencies among header files.







MONITOR: Move function declaration out of conditional build
2013-08-28T20:02:49+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-08-28T06:31:17+00:00

1bf580d3c6bbcfcff0c3dfd348e7c0a16d9d3d9e

Function monitor_config_file_fallback was defined inside of conditional
block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block.
This patch move declaration of function before start of conditional build
section.





Function monitor_config_file_fallback was defined inside of conditional
block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block.
This patch move declaration of function before start of conditional build
section.







CLIENT: Fix non gnu sss_strnlen implementation
2013-08-28T20:02:49+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-08-28T06:31:17+00:00

c08e3aca5a8f3869e47c42bded962292cffccce6

last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.





last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.