sssd.git/src/util, branch sssctl Unnamed repository; edit this file 'description' to name the repository. Fix minor spelling mistakes 2017-10-25T08:24:49+00:00 René Genz liebundartig@freenet.de 2017-10-22T20:24:27+00:00 a02a5ed51178b2cbede0396d66aed716b8898096 Merges: https://pagure.io/SSSD/sssd/pull-request/3556 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Merges: https://pagure.io/SSSD/sssd/pull-request/3556

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SELINUX: Use getseuserbyname to get IPA seuser 2017-09-06T06:17:53+00:00 Justin Stephenson jstephen@redhat.com 2017-03-09T22:21:37+00:00 cfe87ca0c4fded9cbf907697d08fa0e6c8f8ebce The libselinux function getseuserbyname is more reliable method to retrieve SELinux usernames then functions from libsemanage `semanage_user_query` and is recommended by libsemanage developers. Replace get_seuser function with getseuserbyname. Resolves: https://pagure.io/SSSD/sssd/issue/3308 Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Petr Lautrbach <plautrba@redhat.com> 
The libselinux function getseuserbyname is more reliable method to retrieve
SELinux usernames then functions from libsemanage `semanage_user_query`
and is recommended by libsemanage developers.
Replace get_seuser function with getseuserbyname.

Resolves:
https://pagure.io/SSSD/sssd/issue/3308

Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Petr Lautrbach <plautrba@redhat.com>
UTIL: Add sss_create_dir() 2017-08-28T18:40:53+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-02T12:00:03+00:00 6f466e0a3d950d21bd750ef53cb93b75dc023f9e The newly added function helps us to create a new dir avoiding a possible TUCTOU issue. It's going to be used by the new session provider code. A simple test for this new function has also been provided. Related: https://pagure.io/SSSD/sssd/issue/2995 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The newly added function helps us to create a new dir avoiding a
possible TUCTOU issue.

It's going to be used by the new session provider code.

A simple test for this new function has also been provided.

Related:
https://pagure.io/SSSD/sssd/issue/2995

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
UTIL: move {files,selinux}.c under util directory 2017-08-28T18:40:43+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-02T10:10:10+00:00 5b93634c7f0e34f69b4cf8fb9b2e77b9179024a7 files.c has at least one function that will be re-used for the new session provider that's about to be added. Also, a few other functions may be added and files.c seems the right place for those. selinux.c has been moved together with files.c as the latter takes advantage of some functions from the former and we do not want to always link agains the tools code. The public functions from files.c got a "sss_" prefix and it has been changed whenever they're used. Last but not least, all the places that included "tools/tools_util.h" due to the functions on files.c had this include removed (as they were already including "util/util.h". Related: https://pagure.io/SSSD/sssd/issue/2995 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
files.c has at least one function that will be re-used for the new
session provider that's about to be added. Also, a few other functions
may be added and files.c seems the right place for those.

selinux.c has been moved together with files.c as the latter takes
advantage of some functions from the former and we do not want to always
link agains the tools code.

The public functions from files.c got a "sss_" prefix and it has been
changed whenever they're used.

Last but not least, all the places that included "tools/tools_util.h"
due to the functions on files.c had this include removed (as they were
already including "util/util.h".

Related:
https://pagure.io/SSSD/sssd/issue/2995

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
UTIL: Set udp_preference_limit=0 in krb5 snippet 2017-08-14T13:26:29+00:00 Petr Čech pcech@redhat.com 2017-03-28T12:35:22+00:00 6bd6571dfe97fb9c6ce9040c3fcfb4965f95eda1 We add udp_preference_limit = 0 to krb5 snippet if ad provider is used. This option enable TCP connection before UDP, when sending a message to the KDC. Resolves: https://pagure.io/SSSD/sssd/issue/3254 Signed-off-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Robbie Harwood <rharwood@redhat.com> 
We add udp_preference_limit = 0 to krb5 snippet if ad provider is
used. This option enable TCP connection before UDP, when sending
a message to the KDC.

Resolves:
https://pagure.io/SSSD/sssd/issue/3254

Signed-off-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
Moving headers used by both server and client to special folder 2017-08-03T09:08:15+00:00 AmitKumar amitkuma@redhat.com 2017-07-22T23:49:27+00:00 3996e391054a1c02ab62e1541ae21a8204bd5d0a These are the header files which are used by both client and server: src/util/io.h src/util/murmurhash3.h src/util/util_safealign.h This patch is about moving these header files to special folder (src/shared). It will be easier to identify these headers when looking for them in the src tree. util_safalign.h is renamed as safalign.h because util_ namespace is appropriate when this file belonged to the util's folder which is no longer the case. Resolves: https://pagure.io/SSSD/sssd/issue/1898 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
These are the header files which are used by both client and server:
src/util/io.h
src/util/murmurhash3.h
src/util/util_safealign.h

This patch is about moving these header files to special folder
(src/shared). It will be easier to identify these headers when looking
for them in the src tree.
util_safalign.h is renamed as safalign.h because util_ namespace is
appropriate when this file belonged to the util's folder which is no
longer the case.

Resolves:
https://pagure.io/SSSD/sssd/issue/1898

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
UTIL: Add session recording conf management module 2017-07-27T08:32:30+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-17T10:41:02+00:00 99b96048b79b0228c3f7c431ea12010f7bd5b362 Add an util module for loading session recording configuration. To be used by responders and data provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Add an util module for loading session recording configuration.
To be used by responders and data provider.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
CRYPTO: Do not call NSS_Shutdown after every operation 2017-07-24T19:39:38+00:00 Jakub Hrozek jhrozek@redhat.com 2017-06-07T13:55:39+00:00 a6f606117e5cfe64c4b49f94e514bf82054716d3 Calling setup and teardown on every encryption cases issues like the one described in https://bugzilla.redhat.com/show_bug.cgi?id=1456151 eventually. Similarly to other crypto functions, don't tear down NSS by calling NSS_Shutdown. Let the OS reclaim the resources. Resolves: https://pagure.io/SSSD/sssd/issue/3424 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Calling setup and teardown on every encryption cases issues like the one
described in https://bugzilla.redhat.com/show_bug.cgi?id=1456151
eventually.

Similarly to other crypto functions, don't tear down NSS by calling
NSS_Shutdown. Let the OS reclaim the resources.

Resolves:
https://pagure.io/SSSD/sssd/issue/3424

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
KCM: temporary increase hardcoded buffers 2017-07-24T19:19:07+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-07-21T15:54:23+00:00 f3a306cf76d4e72688b750a668ee93de3aad2945 Temporary workaround: https://pagure.io/SSSD/sssd/issue/3386 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Temporary workaround:
https://pagure.io/SSSD/sssd/issue/3386

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
DOMAIN: Add sss_domain_info_{get,set}_output_fqnames() 2017-06-21T09:28:15+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-06-20T12:22:48+00:00 fa2fc8a2908619031292eaf375eb1a510b8b2eba Let's avoid setting a domain's property directly from cr_domain code. In order to do so, let's introduce a setter, which may help us in the future whenever we decide to make sss_domain_info an opaque structure. For completeness, a getter has also been introduced and used in the usertools code. Related: https://pagure.io/SSSD/sssd/issue/3403 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Let's avoid setting a domain's property directly from cr_domain code.

In order to do so, let's introduce a setter, which may help us in the
future whenever we decide to make sss_domain_info an opaque structure.

For completeness, a getter has also been introduced and used in the
usertools code.

Related:
https://pagure.io/SSSD/sssd/issue/3403

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>