Rename dp_backend.h to backend.h Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

GPO_CHILD: Create directories in gpo_cache with right permissions The parent directory has to have execute bit if we want to create subdirectories or read files there. sh-4.3$ mkdir dir sh-4.3$ echo "test" > dir/test_file sh-4.3$ chmod 644 dir/ sh-4.3$ ls dir/ test_file sh-4.3$ cat dir/test_file cat: dir/test_file: Permission denied It was not probelm for sssd in root mode because root has by default capbilities DAC_OVERRIDE and DAC_READ_SEARCH which bypass file read, write, and execute permission checks and directory read and execute permission checks Resolves: https://fedorahosted.org/sssd/ticket/2962 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

GPO: Soften umask in gpo_child The default umask(0177) inherited from sssd_be is to strict for gpo_child in non-root mode. mkdir creates directories with only "rw" permission for owner. The man 1 chmod says: "execute (or search for directories) (x)" In another words, execute bit is required for directories. sh-4.3$ mkdir dir sh-4.3$ chmod 600 dir/ sh-4.3$ mkdir dir/subdir mkdir: cannot create directory ‘dir/subdir’: Permission denied Resolves: https://fedorahosted.org/sssd/ticket/2962 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

GPO: log specific ini parse error messages We should log error messages generated by libini if there are problems with parsing gpo files. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

GPO: Use sss_unique_file and close fd on failure The GPO child didn't remove temporary file on failure and didn't close the fd on failure (the latter was not much of a problem for a short-lived child process). Reviewed-by: Pavel Březina <pbrezina@redhat.com>

sssd: incorrect checks on length values during packet decoding https://fedorahosted.org/sssd/ticket/1697 It is safer to isolate the checked (unknown/untrusted) value on the left hand side in the conditions to avoid overflows/underflows. Reviewed-by: Petr Cech <pcech@redhat.com>

Fix minor typos Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

GPO: Better debugging for gpo_child's mkdir Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

GPO: Don't use stdout for output in gpo_child Resolves: https://fedorahosted.org/sssd/ticket/2544 Use a dedicated fd instead to work around https://bugzilla.samba.org/show_bug.cgi?id=11036 Reviewed-by: Sumit Bose <sbose@redhat.com>

GPO: Set libsmb debugging to stderr libsmb logs to stdout by default. It's much more reasonable to log to stderr by default. Please also note: https://bugzilla.samba.org/show_bug.cgi?id=11036 and: https://fedorahosted.org/sssd/ticket/2544 Reviewed-by: Sumit Bose <sbose@redhat.com>

sss_atomic_write_s() return value is signed Reviewed-by: Sumit Bose <sbose@redhat.com>

AD-GPO: only download policy files if gpo version changes Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

AD-GPO: Store policy settings in local files Reviewed-by: Sumit Bose <sbose@redhat.com>

AD: add missing debug-to-stderr option to gpo_child Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

AD-GPO: Add gpo-smb implementation in gpo_child process Reviewed-by: Sumit Bose <sbose@redhat.com>