| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory
permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.
This security problem was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
|
|
|
|
|
|
|
| |
There used to be an overlinked dependency that's gone now, so
to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS.
v2:
Fix sss_ssh_authorizedkeys linking as well.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1460
|
|
|
|
|
|
|
|
|
|
|
| |
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,--version-script -Wl,./src/providers/sssd_be.exports -o sssd_be src/providers/data_provider_be.o src/providers/data_provider_fo.o src/providers/data_provider_opts.o src/providers/data_provider_callbacks.o src/providers/fail_over.o src/resolv/async_resolv.o -Wl,--export-dynamic -lpam -lcares ./.libs/libsss_util.a -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber -lldap -ltdb -lunistring -lcrypto
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: src/providers/data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: note: 'dlsym@@GLIBC_2.2.5' is defined in DSO /lib64/libdl.so.2 so try adding it to the linker command line
/lib64/libdl.so.2: could not read symbols: Invalid operation
collect2: error: ld returned 1 exit status
make[2]: *** [sssd_be] Error 1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
| |
This change removes the need to canonicalize host names on the responder
side - the relevant code was removed.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1227
|
|
|
|
|
| |
Accidentally removed the endif in the patch removing 'make
experimental-rpms'
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
resolver code
|
| |
|
|
|
|
| |
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
A very simply binary that can be used to test getting data from the
library via SSSD in pretty much the same way SSSD would. A required
positional parameter specifies the map name and the tool would print out
all the key/value pairs using _sss_getautomntent_r(). You can also
specify -n to query a specific key using _sss_getautomntbyname_r().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the library the autofs client is using. automounter dlopen()s
the library so there is no header file, no pkgconfig file and the
library is in the libsss_autofs package, not in -devel.
The library provides the following interface:
* _sss_setautomntent() - select the map for processing
* _sss_getautomntent_r() - iterates through key/value pairs in the
selected map. The key is usually the mount
point, the value is mount information
(server:/export)
* _sss_getautomntbyname_r() - returns value for a specific key.
* _sss_endautomntent() deselect a map, clean up
|
| |
|
| |
|
|
|
|
|
|
| |
New sudo responder option: cache_timeout
https://fedorahosted.org/sssd/ticket/1111
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1158
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1110
Adds new configuration options:
- ldap_sudo_refresh_enabled - enable/disable periodical updates
- ldap_sudo_refresh_timeout - rules timeout (refresh period)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of timing out the initgroups lookup on a per-cctx basis,
we will maintain a hash table of recently-seen users and use this
instead. This will allow SSSD to handle user's logging into
multiple services simultaneously more graciously, as well as
playing nicer with SSH (which makes calls to PAM both before and
after a fork).
https://fedorahosted.org/sssd/ticket/1063
|