Cross Reference: /sssd-io/src/providers/ad/ad_gpo

History log of /sssd-io/src/providers/ad/ad_gpo_child.c
Revision	Date	Author	Comments Expand
a24954cc19285b197fb287bfa7aa01949c92b17d	10-Nov-2017	Lukas Slebodnik <lslebodn@redhat.com>	CHILD: Pass information about logger to children Variables debug_to_file or debug_to_stderr were not set because back-end already user parameter --logger=%s. And therefore logs were not sent to files. It could only work in case of direct usage of --debug-to-files in back-end via command configuration option. Resolves: https://pagure.io/SSSD/sssd/issue/3433 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> /sssd-io/src/p11_child/p11_child_nss.c ad_gpo_child.c /sssd-io/src/providers/ipa/selinux_child.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/util/child_common.c
cb75b275d15beedd1fdecc1f8ced657fba282218	03-Nov-2017	Lukas Slebodnik <lslebodn@redhat.com>	Add parameter --logger to daemons Different binary handled information about logging differently e,g, --debug-to-files --debug-to-stderr And logging to journald was a special case of previous options (!debug_file && !debug_to_stderr). It was also tied to the monitor option "--daemon" and therefore loggind to stderr was used in interactive mode + systemd Type=notify. Resolves: https://pagure.io/SSSD/sssd/issue/3433 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> /sssd-io/src/man/sssd.8.xml /sssd-io/src/monitor/monitor.c /sssd-io/src/p11_child/p11_child_nss.c ad_gpo_child.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/ipa/selinux_child.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/proxy/proxy_auth.c /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/responder/autofs/autofssrv.c /sssd-io/src/responder/ifp/ifpsrv.c /sssd-io/src/responder/kcm/kcm.c /sssd-io/src/responder/nss/nsssrv.c /sssd-io/src/responder/pac/pacsrv.c /sssd-io/src/responder/pam/pamsrv.c /sssd-io/src/responder/secrets/secsrv.c /sssd-io/src/responder/ssh/sshsrv.c /sssd-io/src/responder/sudo/sudosrv.c /sssd-io/src/tests/cmocka/dummy_child.c /sssd-io/src/tests/debug-tests.c /sssd-io/src/util/child_common.c /sssd-io/src/util/debug.c /sssd-io/src/util/server.c
cc2d77d5218c188119fa954c856e858cbde76947	20-Jun-2016	Pavel Březina <pbrezina@redhat.com>	Rename dp_backend.h to backend.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> /sssd-io/Makefile.am /sssd-io/src/p11_child/p11_child_nss.c ad_access.c ad_gpo.c ad_gpo_child.c ad_srv.c ad_subdomains.h /sssd-io/src/providers/backend.h /sssd-io/src/providers/be_dyndns.c /sssd-io/src/providers/be_ptask.c /sssd-io/src/providers/be_refresh.c /sssd-io/src/providers/data_provider_be.c /sssd-io/src/providers/data_provider_callbacks.c /sssd-io/src/providers/data_provider_fo.c /sssd-io/src/providers/ipa/ipa_auth.h /sssd-io/src/providers/ipa/ipa_dyndns.h /sssd-io/src/providers/ipa/ipa_subdomains.h /sssd-io/src/providers/ipa/selinux_child.c /sssd-io/src/providers/krb5/krb5_auth.h /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_common.c /sssd-io/src/providers/krb5/krb5_common.h /sssd-io/src/providers/ldap/ldap_access.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/ldap_common.h /sssd-io/src/providers/ldap/sdap.h /sssd-io/src/providers/ldap/sdap_access.c /sssd-io/src/providers/ldap/sdap_access.h /sssd-io/src/providers/ldap/sdap_async.h /sssd-io/src/providers/ldap/sdap_async_sudo.c /sssd-io/src/providers/ldap/sdap_autofs.c /sssd-io/src/providers/ldap/sdap_dyndns.c /sssd-io/src/providers/ldap/sdap_dyndns.h /sssd-io/src/providers/ldap/sdap_sudo.c /sssd-io/src/providers/ldap/sdap_sudo.h /sssd-io/src/providers/ldap/sdap_sudo_shared.h /sssd-io/src/providers/proxy/proxy.h /sssd-io/src/providers/proxy/proxy_child.c /sssd-io/src/providers/simple/simple_access.c /sssd-io/src/providers/simple/simple_access_check.c /sssd-io/src/tests/cmocka/test_be_ptask.c /sssd-io/src/tests/cmocka/test_data_provider_be.c
d0e0cf6ee47ab538efc47c7882f498f1b5e0f0c7	07-Apr-2016	Lukas Slebodnik <lslebodn@redhat.com>	GPO_CHILD: Create directories in gpo_cache with right permissions The parent directory has to have execute bit if we want to create subdirectories or read files there. sh-4.3$ mkdir dir sh-4.3$ echo "test" > dir/test_file sh-4.3$ chmod 644 dir/ sh-4.3$ ls dir/ test_file sh-4.3$ cat dir/test_file cat: dir/test_file: Permission denied It was not probelm for sssd in root mode because root has by default capbilities DAC_OVERRIDE and DAC_READ_SEARCH which bypass file read, write, and execute permission checks and directory read and execute permission checks Resolves: https://fedorahosted.org/sssd/ticket/2962 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> ad_gpo_child.c
192126738fa82c5624f4740147426c552126c602	07-Apr-2016	Lukas Slebodnik <lslebodn@redhat.com>	GPO: Soften umask in gpo_child The default umask(0177) inherited from sssd_be is to strict for gpo_child in non-root mode. mkdir creates directories with only "rw" permission for owner. The man 1 chmod says: "execute (or search for directories) (x)" In another words, execute bit is required for directories. sh-4.3$ mkdir dir sh-4.3$ chmod 600 dir/ sh-4.3$ mkdir dir/subdir mkdir: cannot create directory ‘dir/subdir’: Permission denied Resolves: https://fedorahosted.org/sssd/ticket/2962 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> ad_gpo_child.c
dad416a9b0095e1c423b7da65db7c636fa69e614	23-Mar-2016	Michal Židek <mzidek@redhat.com>	GPO: log specific ini parse error messages We should log error messages generated by libini if there are problems with parsing gpo files. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> ad_gpo.c ad_gpo_child.c
3954cd07dae78bf79136f0854472757d1ed26897	01-Sep-2015	Jakub Hrozek <jhrozek@redhat.com>	GPO: Use sss_unique_file and close fd on failure The GPO child didn't remove temporary file on failure and didn't close the fd on failure (the latter was not much of a problem for a short-lived child process). Reviewed-by: Pavel Březina <pbrezina@redhat.com> ad_gpo_child.c
9f0bffebd070115ab47a92eadc6890a721c7b78d	31-Aug-2015	Michal Židek <mzidek@redhat.com>	sssd: incorrect checks on length values during packet decoding https://fedorahosted.org/sssd/ticket/1697 It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. Reviewed-by: Petr Cech <pcech@redhat.com> ad_gpo_child.c /sssd-io/src/providers/ipa/selinux_child.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/krb5/krb5_child_handler.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/providers/ldap/sdap_child_helpers.c /sssd-io/src/sss_client/ssh/sss_ssh_client.c
f91029dd8d7dbc026a5c73e222926db957240cb4	23-Jul-2015	Yuri Chornoivan <yurchor@ukr.net>	Fix minor typos Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> /sssd-io/src/man/sssd.conf.5.xml ad_gpo_child.c /sssd-io/src/providers/ldap/sdap_async_initgroups_ad.c /sssd-io/src/sss_client/common.c /sssd-io/src/sss_client/libwbclient/wbc_sid_common.c /sssd-io/src/tests/sysdb-tests.c
2fec5f131ff3086d50e9e06e24951aa9f7d6ab5e	17-Feb-2015	Jakub Hrozek <jhrozek@redhat.com>	GPO: Better debugging for gpo_child's mkdir Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> ad_gpo_child.c
f00a61b6079d8de81432077a59daf015d85800d2	13-Jan-2015	Jakub Hrozek <jhrozek@redhat.com>	GPO: Don't use stdout for output in gpo_child Resolves: https://fedorahosted.org/sssd/ticket/2544 Use a dedicated fd instead to work around https://bugzilla.samba.org/show_bug.cgi?id=11036 Reviewed-by: Sumit Bose <sbose@redhat.com> ad_gpo.c ad_gpo.h ad_gpo_child.c
bb7ddd2be9847bfb07395341c7623da1b104b8a6	13-Jan-2015	Jakub Hrozek <jhrozek@redhat.com>	GPO: Set libsmb debugging to stderr libsmb logs to stdout by default. It's much more reasonable to log to stderr by default. Please also note: https://bugzilla.samba.org/show_bug.cgi?id=11036 and: https://fedorahosted.org/sssd/ticket/2544 Reviewed-by: Sumit Bose <sbose@redhat.com> ad_gpo_child.c
8e44ddfccebe61728d8a2c1dafce36dfa944bc90	03-Dec-2014	Jakub Hrozek <jhrozek@redhat.com>	sss_atomic_write_s() return value is signed Reviewed-by: Sumit Bose <sbose@redhat.com> ad_gpo_child.c /sssd-io/src/providers/ipa/selinux_child.c /sssd-io/src/providers/krb5/krb5_child.c /sssd-io/src/providers/ldap/ldap_child.c /sssd-io/src/responder/nss/nsssrv_mmap_cache.c /sssd-io/src/tools/sss_seed.c /sssd-io/src/tools/tools_mc_util.c /sssd-io/src/util/child_common.c
b47449d8596d9573ff13e74b6984d080b414715a	30-Jul-2014	Yassir Elley <yelley@redhat.com>	AD-GPO: only download policy files if gpo version changes Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> ad_gpo.c ad_gpo_child.c
32381402a4a9afc003782c9e2301fc59c9bda2a9	20-Jul-2014	Yassir Elley <yelley@redhat.com>	AD-GPO: Store policy settings in local files Reviewed-by: Sumit Bose <sbose@redhat.com> /sssd-io/Makefile.am /sssd-io/configure.ac /sssd-io/contrib/sssd.spec.in /sssd-io/src/conf_macros.m4 ad_gpo.c ad_gpo_child.c
b31b0a468ddbc9be4fc78289e5a0a108c31ec620	20-Jul-2014	Sumit Bose <sbose@redhat.com>	AD: add missing debug-to-stderr option to gpo_child Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> ad_gpo_child.c
19d3aba12c70528708be9440aca66038a291f29e	01-Jul-2014	Yassir Elley <yelley@redhat.com>	AD-GPO: Add gpo-smb implementation in gpo_child process Reviewed-by: Sumit Bose <sbose@redhat.com> /sssd-io/Makefile.am /sssd-io/contrib/sssd.spec.in /sssd-io/src/external/samba.m4 ad_gpo.c ad_gpo_child.c