sssd.git, branch rhel5.10 System Security Services Daemon [okos' clone] monitor: Add forgotten break 2013-06-18T10:24:55+00:00 Jakub Hrozek jhrozek@redhat.com 2013-05-30T11:28:59+00:00 d47d589bf657aa3352f1aad90b79a68e3d4bfdef 






Set cloexec flag for log files
2013-05-16T16:55:57+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-15T18:56:33+00:00

b2de843cc076f60c884d51842cafbf47e1191f41

https://fedorahosted.org/sssd/ticket/1708

The services kept the fd to /var/log/sssd/sssd.log open. I don't think
there's any point in keeping the logfiles open after exec-ing for the
child, so I set the CLOEXEC flag.





https://fedorahosted.org/sssd/ticket/1708

The services kept the fd to /var/log/sssd/sssd.log open. I don't think
there's any point in keeping the logfiles open after exec-ing for the
child, so I set the CLOEXEC flag.







TOOLS: Compile on old platforms such as RHEL5
2013-05-16T09:06:07+00:00

Ondrej Kos
okos@redhat.com

2013-02-11T11:59:01+00:00

e57b8a6b0d7dbb0e336ba236841b27320bc3f886

Provides compatible declarations for modern file management functions
such as futimens or opening with the O_CLOEXEC flag





Provides compatible declarations for modern file management functions
such as futimens or opening with the O_CLOEXEC flag







TOOLS: Use file descriptor to avoid races when creating a home directory
2013-05-16T09:06:07+00:00

Ondrej Kos
okos@redhat.com

2013-02-07T10:26:45+00:00

c7b75b4069e53ab7e3013641782cd6a0958a77ff

When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory
permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.

This security problem was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782





When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory
permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.

This security problem was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782







UTIL: Add function for atomic I/O
2013-05-16T09:06:07+00:00

Ondrej Kos
okos@redhat.com

2013-02-07T11:11:43+00:00

b4f89f67c27cda9a27a57ca30c23b3ffab7c6a57












TOOLS: Use openat/unlinkat when removing the homedir
2013-05-16T09:06:07+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-12-12T18:02:33+00:00

a2d35c19d8d7cb6411457939a576f14e85b18045

The removal of a home directory is sensitive to concurrent modification
of the directory tree being removed and can unlink files outside the
directory tree.

This security issue was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782





The removal of a home directory is sensitive to concurrent modification
of the directory tree being removed and can unlink files outside the
directory tree.

This security issue was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782







Add new debug level macros
2013-05-16T09:06:07+00:00

Ondrej Kos
okos@redhat.com

2013-02-06T13:27:38+00:00

636e4a097bf8e5e99b762ca2674ce2dc5965e061












SSSD leaks memory when following referrals
2013-05-16T09:04:11+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-04-24T22:37:58+00:00

ceb2df11a34aa182b2708eabf9c5ac34ea52dada












Restart services with a delay in case they are restarted too often
2013-05-16T09:04:07+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-11-15T18:26:18+00:00

524ad8e5d29d8756d2d171e4e56515cb9c2dee0d

In case a service is restarted while the DP is not ready yet, it gets
restarted again immediatelly, which means the DP might still not be
ready. The allowed number of restarts is then depleted quickly.

This patch changes the restart mechanism such that the first restart
happens immediatelly, the second is scheduled after 2 second, then 4
etc..

https://fedorahosted.org/sssd/ticket/1528





In case a service is restarted while the DP is not ready yet, it gets
restarted again immediatelly, which means the DP might still not be
ready. The allowed number of restarts is then depleted quickly.

This patch changes the restart mechanism such that the first restart
happens immediatelly, the second is scheduled after 2 second, then 4
etc..

https://fedorahosted.org/sssd/ticket/1528







LDAP: Only use paging control on requests for multiple entries
2013-05-16T09:04:04+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-04-23T20:59:48+00:00

ae07962fd8629918f15597bd2773b20ecd10dc0e

The paging control can cause issues on servers that put limits on how
many paging controls can be active at one time (on some servers, it is
limited to one per connection). We need to reduce our usage so that we
only activate the paging control when making a request that may return an
arbitrary number of results.





The paging control can cause issues on servers that put limits on how
many paging controls can be active at one time (on some servers, it is
limited to one per connection). We need to reduce our usage so that we
only activate the paging control when making a request that may return an
arbitrary number of results.