c7636e4...
by
Lukas Slebodnik <email address hidden>
CRYPTO: Save prefix in s3crypt_sha512
Since commit 2951a9a84bd85f384213a3e071ffc167907df2d7 where we switched from
stpncpy to memcpy the salt prefix "$6$" is not stored at all.
This broke offline authentication if someone upgraded from old version
that stored the prefix to one that doesn't store it.
This patch switches the sudo responder from being created as a public
responder where the permissions are open and not checked by the sssd
deaamon to a private socket. In this case, sssd creates the pipes with
strict permissions (see the umask in the call to create_pipe_fd() in
set_unix_socket()) and additionaly checks the permissions with every read
via the tevent integrations (see accept_fd_handler()).
AUTOFS: remove timed event if related object is removed
autofs_map_result_timeout() is called as a timed event to free the
autofs map data is the cache lifetime is exceeded. If the data is freed
earlier the timed event should be removed as well to avoid a double
free issue.
Since talloc is used here the most easy way to achieve this is to allocate
the timed event on the map object itself.
NSS: remove timed event if related object is removed
setnetgrent_result_timeout() is called as a timed event to free the
netgr data is the cache lifetime is exceeded. If the data is freed
earlier the timed event should be removed as well to avoid a double
free issue.
Since talloc is used here the most easy way to achieve this is to
allocate the timed event on the netgr object itself.
Although is does not harm because 'openssl ca' creates the
index.tx.tattr file with a suitable content automatically this patch
adds the file to the test_CA directory to silence a message like:
Can't open ./index.txt.attr for reading, No such file or directory
139867607979840:error:02001002:system library:fopen:No such file or
directory:crypto/bio/bss_file.c:74:fopen('./index.txt.attr','r')
139867607979840:error:2006D080:BIO routines:BIO_new_file:no such
file:crypto/bio/bss_file.c:81:
TESTS: simple CA to generate certificates for test
To avoid issue with certificate lifetimes a simple OpenSSL based CA is
used to generate certificates for tests.
To make management easy all related data is kept in
src/tests/test_CA. Since some header files will be generated the
generation of the needed files is added to BUILT_SOURCES as other
generated code.