| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory
permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.
This security problem was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1274
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1136
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This test always generate a random string so each time the test is run we will
test the hash function with a new value.
It also hashes the same string twice and compares the result so that we have a
chance of catching if uninitialized variables are getting mixed into the value
calculation and end up generating different results for the same input.
|
| |
|
| |
|
| |
|
|
|
|
| |
Coverity 12394, 12395, 12396, 12397 and 12398
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1046
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/836
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/956
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/925
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
|
|
|
|
| |
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
|
|
|
| |
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/943
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/943
|
| |
|
|
|
|
|
| |
Allows to be more concise in tests and more defensive in resolve
callbacks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.
The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
arguments where they have "const char *" in recent versions.
This caused compilation warnings this patch mitigates by using
the discard_const hack on python 2.4
|
|
|
|
|
|
|
|
|
| |
These changes were proposed during a review:
* Change the signature of str_concat_sequence() to const char *
* use a getsetter for HbacRule.enabled to allow string true/false and
integer 1/0 in addition to bool
* fix a minor memory leak (HbacRequest.rule_name)
* remove overzealous discard consts
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/807
|
| |
|
|
|
|
|
|
|
|
| |
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750
|
|
|
|
|
|
| |
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
|
|
|
|
| |
Includes a unit test
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/714
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/732
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/728
|