cc2d77d5218c188119fa954c856e858cbde76947 |
|
20-Jun-2016 |
Pavel Březina <pbrezina@redhat.com> |
Rename dp_backend.h to backend.h
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
9f0bffebd070115ab47a92eadc6890a721c7b78d |
|
31-Aug-2015 |
Michal Židek <mzidek@redhat.com> |
sssd: incorrect checks on length values during packet decoding
https://fedorahosted.org/sssd/ticket/1697
It is safer to isolate the checked (unknown/untrusted)
value on the left hand side in the conditions
to avoid overflows/underflows.
Reviewed-by: Petr Cech <pcech@redhat.com> |
1e0fa55fb377db788e065de917ba8e149eb56161 |
|
14-Apr-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
selinux: Only call semanage if the context actually changes
https://fedorahosted.org/sssd/ticket/2624
Add a function to query the libsemanage database for a user context and
only update the database if the context differs from the one set on the
server.
Adds talloc dependency to libsss_semanage.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
3e6dac8e14f8a3da6d359ee013453dbd8a38dd99 |
|
17-Mar-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
selinux: Handle setup with empty default and no configured rules
SSSD also needs to handle the setup where no rules match the machine and
the default has no MLS component.
Related to:
https://fedorahosted.org/sssd/ticket/2587
Reviewed-by: Michal Židek <mzidek@redhat.com> |
01f78f755fde63997ccfded71fb8395569b11430 |
|
04-Mar-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
selinux: Delete existing user mapping on empty default
https://fedorahosted.org/sssd/ticket/2587
The case of SELinux default user mapping being an empty string is valid,
it should translate into "pick the default context on the target
machine".
In case the context is empty, we need to delete the per-user mapping from
the SELinux database to make sure the default is used.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
b0f46a3019e0ff4f375ef07682ceb9418751707f |
|
13-Feb-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
SELINUX: Check the return value of setuid and setgid
Silences a Coverity warning
Reviewed-by: Pavel Reichl <preichl@redhat.com> |
8f78b6442f3176ee43aa06704a3adb9f4ac625d6 |
|
27-Jan-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
SELINUX: Set and reset umask when calling set_seuser from daemon code
https://fedorahosted.org/sssd/ticket/2563
Reviewed-by: Michal Židek <mzidek@redhat.com> |
486f0d5227a9b81815aaaf7d9a2c39aafcbfdf6a |
|
27-Jan-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
SELINUX: Call setuid(0)/setgid(0) to also set the real IDs to root
https://fedorahosted.org/sssd/ticket/2564
libselinux uses many access(2) calls and access() uses the real UID,
not the effective UID for the check. Therefore, the setuid selinux_child,
which only has effective UID of root, would fail the check.
Reviewed-by: Michal Židek <mzidek@redhat.com> |
8e44ddfccebe61728d8a2c1dafce36dfa944bc90 |
|
03-Dec-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
sss_atomic_write_s() return value is signed
Reviewed-by: Sumit Bose <sbose@redhat.com> |
013c01bd491b535e1705dbb3dbd8424cffc66b7a |
|
06-Nov-2014 |
Michal Zidek <mzidek@redhat.com> |
selinux_child: Do not ignore return values.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
f3a25949de81f80c136bb073e4a8f504b080c20c |
|
05-Nov-2014 |
Jakub Hrozek <jhrozek@redhat.com> |
IPA: Move setting the SELinux context to a child process
In order for the sssd_be process to run as unprivileged user, we need to
move the semanage processing to a process that runs as the root user
using setuid privileges.
Reviewed-by: Michal Židek <mzidek@redhat.com> |