UTIL: move {files,selinux}.c under util directory files.c has at least one function that will be re-used for the new session provider that's about to be added. Also, a few other functions may be added and files.c seems the right place for those. selinux.c has been moved together with files.c as the latter takes advantage of some functions from the former and we do not want to always link agains the tools code. The public functions from files.c got a "sss_" prefix and it has been changed whenever they're used. Last but not least, all the places that included "tools/tools_util.h" due to the functions on files.c had this include removed (as they were already including "util/util.h". Related: https://pagure.io/SSSD/sssd/issue/2995 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

utils: add remove_subtree Remove all entries in a directory but will not remove the directory itself. Reviewed-by: Petr Cech <pcech@redhat.com>

UTILS: Fixing duplication of pid file declaration Resolves: https://fedorahosted.org/sssd/ticket/2978 Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sss_tools: add test if sssd is running Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

UTIL: Add secure copy function This is a precursor to supporting a static default configuration file. We need to be able to copy the default into the mutable location if the infopipe is asked to modify it. This patch opens both the source and destination files together in order to avoid time-of-check/time-of-use bugs. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

util: Move semanage related functions to src/util These functions will be reused by IPA provider. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

Update DEBUG* invocations to use new levels Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

Move nscd.c from tools to util Preparation for the following patch which will include the nscd.c in the monitor code due to newly introduced function for checking the nscd configuration file.

TOOLS: Use file descriptor to avoid races when creating a home directory When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782

TOOLS: invalidate parent groups in memory cache, too https://fedorahosted.org/sssd/ticket/1775 In addition to invalidating the group being added to when adding a member group/user, we also need to invalidate all its parent groups, otherwise this getgrnam("parent") wouldn't report the members newly added to its child groups.

TOOLS: Provide a convenience function to refresh a list of groups

TOOLS: Split querying nss responder into a separate function The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.

TOOLS: move memcache related functions to tools_mc_utils.c The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch

sss_cache: Small refactor. The logic that checks if sssd_nss is running and then sends SIGHUP to monitor or removes the caches was moved to a function sss_memcache_clear_all() and made public in tools_util.h.

sss_cache: Remove fastcache even if sssd is not running. https://fedorahosted.org/sssd/ticket/1584

tools_util.h provides signal_sssd function.

Always use positional arguments in translatable strings https://fedorahosted.org/sssd/ticket/1336

Cleanup: Remove unused parameters

Fix assorted minor bugs in sss_ tools Fixes: #585

tools: remove creation of event_context Since the sysdb is now synchronous and creates its own event context we don't need an explicit event context anymore in the tools.

sysdb: remove remaining traces of sysdb_handle

SELinux login management Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.

Move SELinux related functions into its own module Fix whitespace errors

Add userdel_cmd param Fixes: #231

Flush NSCD cache after modifying local database Fixes: #221

Rename server/ directory to src/ Also update BUILD.txt