Remove unneeded patch file

Patch was accepted upstream
2009-10-23 19:56:18 +00:00 · 2009-10-23 19:56:18 +00:00 · 3c198001f3
commit 3c198001f3
parent d6e2c70de2
1 changed files with 0 additions and 76 deletions
--- a/0001-Tighten-up-permission.patch
+++ b/0001-Tighten-up-permission.patch
@ -1,76 +0,0 @@
-From e98645b11a18d5eba14f9108504003ffdfe81f3a Mon Sep 17 00:00:00 2001
-From: Simo Sorce <ssorce@redhat.com>
-Date: Mon, 28 Sep 2009 07:51:26 -0400
-Subject: [PATCH] Tighten up permission.
-
-SSSD may contain passwords and other sensitive data, make sure we always keep its
-permission tight. Also make /etc/sssd permission very strict, just in case,
-admins may inadvertently copy an sssd.conf file without checking it's
-permissions.
---
- contrib/sssd.spec.in             |    2 +-
- server/upgrade/upgrade_config.py |   13 ++++++++++++-
- 2 files changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
-index 2dd291f..93a1401 100644
--- a/contrib/sssd.spec.in
-+++ b/contrib/sssd.spec.in
-@@ -132,7 +132,7 @@ rm -rf $RPM_BUILD_ROOT
- %attr(755,root,root) %dir %{pipepath}
- %attr(700,root,root) %dir %{pipepath}/private
- %attr(750,root,root) %dir %{_var}/log/%{name}
-%dir %{_sysconfdir}/sssd
-+%attr(700,root,root) %dir %{_sysconfdir}/sssd
- %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
- %config %{_sysconfdir}/sssd/sssd.api.conf
- %attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
-diff --git a/server/upgrade/upgrade_config.py b/server/upgrade/upgrade_config.py
-index 412fad5..87e3990 100644
--- a/server/upgrade/upgrade_config.py
-+++ b/server/upgrade/upgrade_config.py
-@@ -20,6 +20,7 @@
- #  You should have received a copy of the GNU General Public License
- #  along with this program.  If not, see <http://www.gnu.org/licenses/>.
- 
-+import os
- import sys
- import shutil
- import traceback
-@@ -91,6 +92,9 @@ class SSSDConfigFile(object):
-         " Copy the file we operate on to a backup location "
-         shutil.copy(self.file_name, self.file_name+".bak")
- 
-+        # make sure we don't leak data, force permissions on the backup
-+        os.chmod(self.file_name+".bak", 0600)
-+
-     def _migrate_if_exists(self, to_section, to_option, from_section, from_option):
-         """
-         Move value of parameter from one section to another, renaming the parameter
-@@ -281,8 +285,12 @@ class SSSDConfigFile(object):
-         # Migrate domains
-         self._migrate_domains()
- 
-        # all done, write the file
-+        # all done, open the file for writing
-         of = open(out_file_name, "wb")
-+
-+        # make sure it has the right permissions too
-+        os.chmod(out_file_name, 0600)
-+
-         self._new_config.write(of)
- 
- def parse_options():
-@@ -337,6 +345,9 @@ def main():
-         print >>sys.stderr, "Can only upgrade from v1 to v2, file %s looks like version %d" % (options.filename, config.get_version())
-         return 1
- 
-+    # make sure we keep strict settings when creating new files
-+    os.umask(0077)
-+
-     try:
-         config.upgrade_v2(options.outfile, options.backup)
-     except Exception, e:
-- 
-1.6.2.5
-