[SSSD] [sssd PR#923][opened] PRNG usage amended
URL: https://github.com/SSSD/sssd/pull/923 Author: alexey-tikhonov Title: #923: PRNG usage amended Action: opened PR body: """ This PR is intended to address https://pagure.io/SSSD/sssd/issue/4024#comment-603526 sss_rand() was: - moved out of crypto lib, - non security relevant purpose was emphasized - attempt to "use RAND_bytes() if available" was removed to simplify things and make return value compatible with rand() MMAP_CACHE: use CSPRNG to init hash table seed """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/923/head:pr923 git checkout pr923
[SSSD] [sssd PR#923][+Waiting for review] PRNG usage amended
URL: https://github.com/SSSD/sssd/pull/923 Title: #923: PRNG usage amended Label: +Waiting for review ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
[SSSD] [sssd PR#922][comment] Fix timing to save errno
URL: https://github.com/SSSD/sssd/pull/922 Title: #922: Fix timing to save errno alexey-tikhonov commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/922#issuecomment-548016430
[SSSD] [sssd PR#922][comment] Fix timing to save errno
URL: https://github.com/SSSD/sssd/pull/922 Title: #922: Fix timing to save errno centos-ci commented: """ Can one of the admins verify this patch? """ See the full comment at https://github.com/SSSD/sssd/pull/922#issuecomment-547999744
[SSSD] [sssd PR#922][opened] Fix timing to save errno
URL: https://github.com/SSSD/sssd/pull/922 Author: miztake Title: #922: Fix timing to save errno Action: opened PR body: """ The timing to save some errnos is after DEBUG output, not immediately after the system call. Fix to save errno before DEBUG output so that errno is not overwritten by DEBUG output processing. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/922/head:pr922 git checkout pr922 From 66149aec27e9a39519deaf5a17cdca6e085ef016 Mon Sep 17 00:00:00 2001 From: MIZUTA Takeshi Date: Thu, 31 Oct 2019 01:38:52 +0900 Subject: [PATCH] Fix timing to save errno The timing to save some errnos is after DEBUG output, not immediately after the system call. Fix to save errno before DEBUG output so that errno is not overwritten by DEBUG output processing. --- src/confdb/confdb_setup.c | 2 +- src/krb5_plugin/sssd_krb5_locator_plugin.c | 2 +- src/providers/ipa/ipa_common.c | 2 +- src/tools/tools_util.c | 2 +- src/util/child_common.c| 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/confdb/confdb_setup.c b/src/confdb/confdb_setup.c index 15fd238c0f..b7b316fd6f 100644 --- a/src/confdb/confdb_setup.c +++ b/src/confdb/confdb_setup.c @@ -172,9 +172,9 @@ static int confdb_ldif_from_ini_file(TALLOC_CTX *mem_ctx, errno = 0; ret = sss_ini_get_mtime(init_data, sizeof(timestr), timestr); if (ret <= 0 || ret >= (int)sizeof(timestr)) { +ret = errno ? errno : EFAULT; DEBUG(SSSDBG_FATAL_FAILURE, "Failed to convert time_t to string??\n"); -ret = errno ? errno : EFAULT; return ret; } } else { diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c index 06520ef2e5..1a85275a0f 100644 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c +++ b/src/krb5_plugin/sssd_krb5_locator_plugin.c 
@@ -343,9 +343,9 @@ static int get_krb5info(const char *realm, struct sssd_ctx *ctx, fd = open(krb5info_name, O_RDONLY); if (fd == -1) { +ret = errno; PLUGIN_DEBUG("open failed [%s][%d][%s].\n", krb5info_name, errno, strerror(errno)); -ret = errno; goto done; } diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 01301723e9..6f5dee731e 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -81,9 +81,9 @@ int ipa_get_options(TALLOC_CTX *memctx, if (ipa_hostname == NULL) { ret = gethostname(hostname, sizeof(hostname)); if (ret != EOK) { +ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno, strerror(errno)); -ret = errno; goto done; } hostname[HOST_NAME_MAX] = '\0'; diff --git a/src/tools/tools_util.c b/src/tools/tools_util.c index 146f78a890..21b3f888f9 100644 --- a/src/tools/tools_util.c +++ b/src/tools/tools_util.c @@ -578,8 +578,8 @@ int run_userdel_cmd(struct tools_ctx *tctx) } } if (child_pid == -1) { -DEBUG(SSSDBG_CRIT_FAILURE, "waitpid failed\n"); ret = errno; +DEBUG(SSSDBG_CRIT_FAILURE, "waitpid failed\n"); goto done; } } diff --git a/src/util/child_common.c b/src/util/child_common.c index 203c115f9e..3c63339e2b 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -822,9 +822,9 @@ errno_t child_debug_init(const char *logfile, int *debug_fd) *debug_fd = fileno(debug_filep); if (*debug_fd == -1) { +ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, "fileno failed [%d][%s]\n", errno, strerror(errno)); -ret = errno; return ret; } }
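Review bot: in the confdb_ldif_from_ini_file() hunk the DEBUG message about the time_t conversion still reports no error code, although ret now holds one before the call. Consider appending [%d][%s] with ret and strerror(ret), as the other messages touched by this patch do, so that the EFAULT fallback (errno left at 0) can be told apart from a real errno in the log.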
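Review bot: in the get_krb5info(), ipa_get_options() and child_debug_init() hunks the log call still passes errno and strerror(errno) even though ret = errno; now sits directly above it. Pass ret and strerror(ret) instead, so the logged code and the returned code come from the same saved value and the message no longer depends on errno staying intact while the logging macro runs.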
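Review bot: in the run_userdel_cmd() hunk the check if (child_pid == -1) follows two closing braces, so the call that set child_pid is outside the visible context; please confirm nothing between that call and ret = errno; can modify errno, or save errno at the call site instead. The "waitpid failed" message would also be more useful with ret and strerror(ret) added now that the value is available before logging.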
[SSSD] [sssd PR#921][comment] util/server.c: fix handling when error occurs in waitpid()
URL: https://github.com/SSSD/sssd/pull/921 Title: #921: util/server.c: fix handling when error occurs in waitpid() jhrozek commented: """ ok to test """ See the full comment at https://github.com/SSSD/sssd/pull/921#issuecomment-547995771
[SSSD] [sssd PR#921][opened] util/server.c: fix handling when error occurs in waitpid()
URL: https://github.com/SSSD/sssd/pull/921 Author: miztake Title: #921: util/server.c: fix handling when error occurs in waitpid() Action: opened PR body: """ -1 is returned if an error occurs in waitpid(). Fixed inappropriate error handling. """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/921/head:pr921 git checkout pr921 From 9e5c407bbb8176c802e9780aaf35be219411b1f1 Mon Sep 17 00:00:00 2001 From: MIZUTA Takeshi Date: Thu, 31 Oct 2019 00:52:32 +0900 Subject: [PATCH] util/server.c: fix handling when error occurs in waitpid() -1 is returned if an error occurs in waitpid(). Fixed inappropriate error handling. --- src/util/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/server.c b/src/util/server.c index 97a67e3d39..8b927069d2 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -86,7 +86,7 @@ void become_daemon(bool Fork) do { errno = 0; cpid = waitpid(pid, , 0); -if (cpid == 1) { +if (cpid == -1) { /* An error occurred while waiting */ error = errno; if (error != EINTR) {
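Review bot: the commit message for the become_daemon() hunk calls the old handling only "inappropriate"; it should state the effect of the old test, namely that with cpid == 1 the error branch, including the error != EINTR check, was not entered when waitpid() returned -1. A sentence on what the loop did with a -1 result before this change would let reviewers and backporters judge the impact.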
[SSSD] [sssd PR#921][comment] util/server.c: fix handling when error occurs in waitpid()
URL: https://github.com/SSSD/sssd/pull/921 Title: #921: util/server.c: fix handling when error occurs in waitpid() centos-ci commented: """ Can one of the admins verify this patch? """ See the full comment at https://github.com/SSSD/sssd/pull/921#issuecomment-547977304
[SSSD] [sssd PR#457][closed] ipa: Removal of umask(0) in selinux_child
URL: https://github.com/SSSD/sssd/pull/457 Author: amitkumar50 Title: #457: ipa: Removal of umask(0) in selinux_child Action: closed To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/457/head:pr457 git checkout pr457
[SSSD] [sssd PR#920][comment] Add comment to workaround for libsemanage issue
URL: https://github.com/SSSD/sssd/pull/920 Title: #920: Add comment to workaround for libsemanage issue alexey-tikhonov commented: """ This PR supersedes #457 """ See the full comment at https://github.com/SSSD/sssd/pull/920#issuecomment-547874371
[SSSD] [sssd PR#457][comment] ipa: Removal of umask(0) in selinux_child
URL: https://github.com/SSSD/sssd/pull/457 Title: #457: ipa: Removal of umask(0) in selinux_child alexey-tikhonov commented: """ This PR is superseded in favor of #920 """ See the full comment at https://github.com/SSSD/sssd/pull/457#issuecomment-547874086
[SSSD] [sssd PR#457][comment] ipa: Removal of umask(0) in selinux_child
URL: https://github.com/SSSD/sssd/pull/457 Title: #457: ipa: Removal of umask(0) in selinux_child alexey-tikhonov commented: """ This PR is superseded in favor of PR920 """ See the full comment at https://github.com/SSSD/sssd/pull/457#issuecomment-547874086
[SSSD] [sssd PR#920][comment] Add comment to workaround for libsemanage issue
URL: https://github.com/SSSD/sssd/pull/920 Title: #920: Add comment to workaround for libsemanage issue jhrozek commented: """ add to whitelist """ See the full comment at https://github.com/SSSD/sssd/pull/920#issuecomment-547849552
[SSSD] [sssd PR#920][opened] Add comment to workaround for libsemanage issue
URL: https://github.com/SSSD/sssd/pull/920 Author: elkoniu Title: #920: Add comment to workaround for libsemanage issue Action: opened PR body: """ libsemanage < 2.6 used to not set right file mask in our use case. It has been fixed by manual umask() call but is no longer needed. Fix will be kept as a precaution for future libsemanage versions. Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 Related issue: https://pagure.io/SSSD/sssd/issue/3583 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/920/head:pr920 git checkout pr920 From a9cf1006ffd4cd8e916b7a284d9ce92878f9a2bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= Date: Wed, 30 Oct 2019 11:50:53 +0100 Subject: [PATCH] Add comment to workaround for libsemanage issue libsemanage < 2.6 used to not set right file mask in our use case. It has been fixed by manual umask() call but is no longer needed. Fix will be kept as a precaution for future libsemanage versions. Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 Related issue: https://pagure.io/SSSD/sssd/issue/3583 --- src/providers/ipa/selinux_child.c | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index 925591ec90..f5611a8aa3 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c
@@ -147,11 +147,13 @@ static int sc_set_seuser(const char *login_name, const char *seuser_name, int ret; mode_t old_mask; -/* This is a workaround for - * https://bugzilla.redhat.com/show_bug.cgi?id=1186422 to make sure - * the directories are created with the expected permissions +/* Bug origin: https://bugzilla.redhat.com/show_bug.cgi?id=1186422 + * This workaround is required for libsemanage < 2.5-13.el7 + * It will remain here as a precaution in case of unexpected + * libsemanage behaviour. */ old_mask = umask(0); + if (strcmp(seuser_name, "") == 0) { /* An empty SELinux user should cause SSSD to use the system * default. We need to remove the SELinux user from the DB @@ -161,7 +163,9 @@ static int sc_set_seuser(const char *login_name, const char *seuser_name, } else { ret = sss_set_seuser(login_name, seuser_name, mls); } + umask(old_mask); + return ret; }
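Review bot: the new comment at the top of sc_set_seuser() names libsemanage < 2.5-13.el7 while the commit message says libsemanage < 2.6; make the two agree. The rewrite also drops the old sentence explaining that the mask is changed so the directories are created with the expected permissions; keep it, because umask(0) applies to the whole process until umask(old_mask) restores it and a reader needs to see why such a permissive mask is intended here.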
[SSSD] [sssd PR#920][comment] Add comment to workaround for libsemanage issue
URL: https://github.com/SSSD/sssd/pull/920 Title: #920: Add comment to workaround for libsemanage issue centos-ci commented: """ Can one of the admins verify this patch? """ See the full comment at https://github.com/SSSD/sssd/pull/920#issuecomment-547847931
[SSSD] [sssd PR#911][comment] Update pam_sss.8.xml
URL: https://github.com/SSSD/sssd/pull/911 Title: #911: Update pam_sss.8.xml mzidek-rh commented: """ Adding changes requested as per @sumit-bose's comment. """ See the full comment at https://github.com/SSSD/sssd/pull/911#issuecomment-547831486
[SSSD] [sssd PR#911][+Changes requested] Update pam_sss.8.xml
URL: https://github.com/SSSD/sssd/pull/911 Title: #911: Update pam_sss.8.xml Label: +Changes requested