sssd.git/src/tools, branch rhel5.10 System Security Services Daemon [okos' clone] TOOLS: Compile on old platforms such as RHEL5 2013-05-16T09:06:07+00:00 Ondrej Kos okos@redhat.com 2013-02-11T11:59:01+00:00 e57b8a6b0d7dbb0e336ba236841b27320bc3f886 Provides compatible declarations for modern file management functions such as futimens or opening with the O_CLOEXEC flag 
Provides compatible declarations for modern file management functions
such as futimens or opening with the O_CLOEXEC flag
TOOLS: Use file descriptor to avoid races when creating a home directory 2013-05-16T09:06:07+00:00 Ondrej Kos okos@redhat.com 2013-02-07T10:26:45+00:00 c7b75b4069e53ab7e3013641782cd6a0958a77ff When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory
permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard
links.

This security problem was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782
TOOLS: Use openat/unlinkat when removing the homedir 2013-05-16T09:06:07+00:00 Jakub Hrozek jhrozek@redhat.com 2012-12-12T18:02:33+00:00 a2d35c19d8d7cb6411457939a576f14e85b18045 The removal of a home directory is sensitive to concurrent modification of the directory tree being removed and can unlink files outside the directory tree. This security issue was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 
The removal of a home directory is sensitive to concurrent modification
of the directory tree being removed and can unlink files outside the
directory tree.

This security issue was assigned CVE-2013-0219

https://fedorahosted.org/sssd/ticket/1782
sss_obfuscate: Avoid traceback on ctrl+d 2011-03-25T13:16:28+00:00 Stephen Gallagher sgallagh@redhat.com 2011-03-24T14:54:34+00:00 61d3d86693b9ec5afd47c510c5aeab45cff768f8 sss_obfuscate: abort on ctrl+c There is a python bug (http://bugs.python.org/issue11236) where getpass.getpass() does not throw KeyboardInterrupt on ctrl+c. This workaround is the closest we can get: if we detect the control character in the string that we read, we'll cancel. 
sss_obfuscate: abort on ctrl+c

There is a python bug (http://bugs.python.org/issue11236) where
getpass.getpass() does not throw KeyboardInterrupt on ctrl+c. This
workaround is the closest we can get: if we detect the control
character in the string that we read, we'll cancel.
sss_obfuscate fixes 2011-02-15T12:34:55+00:00 Stephen Gallagher sgallagh@redhat.com 2011-02-01T21:10:19+00:00 ee59229e1227abe20bf4952919a2e919ed58172c Make the domain argument mandatory in sss_obfuscate It doesn't make sense to set a "default" domain. We should require that the domain always be specified. Gracefully handle permission errors in sss_obfuscate Make SSSDConfig API configuration readable Previously, only root could read these files, but it makes sense to allow non-root users to prototype sssd.conf files. removing password option functionality 
Make the domain argument mandatory in sss_obfuscate

It doesn't make sense to set a "default" domain. We should require
that the domain always be specified.

Gracefully handle permission errors in sss_obfuscate

Make SSSDConfig API configuration readable

Previously, only root could read these files, but it makes sense
to allow non-root users to prototype sssd.conf files.

removing password option functionality
Fix usability of sss_obfuscate command 2011-01-17T17:19:00+00:00 Stephen Gallagher sgallagh@redhat.com 2011-01-17T15:31:52+00:00 8d00718b943ab8b326320feb50820f0663031817 






Fix boolean comparison against string
2011-01-05T13:06:17+00:00

Stephen Gallagher
sgallagh@redhat.com

2011-01-03T18:07:51+00:00

04f0cf2ce6140bcb3b38dccd4f9e44858b53a4fd

Coverity 10082 and 100083





Coverity 10082 and 100083







Properly check the return value from semanage_commit
2010-11-05T18:50:38+00:00

Stephen Gallagher
sgallagh@redhat.com

2010-11-05T12:54:50+00:00

a476bf85436d8a8195df1693db5b806a9c8f56bd

semanage_commit() returns -1 on error, and can return a positive
value on success.

https://bugzilla.redhat.com/show_bug.cgi?id=649037





semanage_commit() returns -1 on error, and can return a positive
value on success.

https://bugzilla.redhat.com/show_bug.cgi?id=649037







Fix assorted minor bugs in sss_ tools
2010-09-08T13:36:22+00:00

Jakub Hrozek
jhrozek@redhat.com

2010-08-31T16:12:25+00:00

8443d24c0584f45151e0c80506d7a572b8a38ed7

Fixes: #585





Fixes: #585







sss_obfuscate tool
2010-09-08T13:36:22+00:00

Jakub Hrozek
jhrozek@redhat.com

2010-08-30T09:46:47+00:00

530ba03ecabb472f17d5d1ab546aec9390492de1

A tool to add obfuscated passwords into the SSSD config file





A tool to add obfuscated passwords into the SSSD config file