From 374b135fda007645cf81b9a9395fa862d6bc539d Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 30 Nov 2016 16:01:35 +0100
Subject: [PATCH] Updated to upstream 0.16.3 plus patches from git master
---
 .gitignore | 1 +
 0001-LDAP-don-t-close-LDAP-socket-twice.patch | 41 ++++++++
 ...and-pam-sssd.conf-services-after-joi.patch | 96 +++++++++++++++++++
 realmd.spec | 20 ++--
 sources | 2 +-
 5 files changed, 149 insertions(+), 11 deletions(-)
 create mode 100644 0001-LDAP-don-t-close-LDAP-socket-twice.patch
 create mode 100644 0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
diff --git a/.gitignore b/.gitignore
index 348c4b5..e478102 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@
 /realmd-0.16.0.tar.gz
 /realmd-0.16.1.tar.gz
 /realmd-0.16.2.tar.gz
+/realmd-0.16.3.tar.gz
diff --git a/0001-LDAP-don-t-close-LDAP-socket-twice.patch b/0001-LDAP-don-t-close-LDAP-socket-twice.patch
new file mode 100644
index 0000000..09e9ccf
--- /dev/null
+++ b/0001-LDAP-don-t-close-LDAP-socket-twice.patch
@@ -0,0 +1,41 @@
+From 895e5b37d14090541480cebcb297846cbd3662ce Mon Sep 17 00:00:00 2001
+From: Sumit Bose
+Date: Fri, 25 Nov 2016 17:35:11 +0100
+Subject: [PATCH] LDAP: don't close LDAP socket twice
+
+ldap_destroy() will call close() on the LDAP socket so with an explicit
+close() before the file descriptor will be closed twice. Even worse,
+since the file descriptor can be reused after the explicit call of
+close() by any other thread the close() called from ldap_destroy() might
+close a file descriptor used by a different thread as seen e.g. in
+https://bugzilla.redhat.com/show_bug.cgi?id=1398522.
+
+Additionally the patch makes sure that the closed connection cannot be
+used again.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1398522
+---
+ service/realm-ldap.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/service/realm-ldap.c b/service/realm-ldap.c
+index 061ed61..59817fb 100644
+--- a/service/realm-ldap.c
++++ b/service/realm-ldap.c
+@@ -159,10 +159,11 @@ ldap_source_finalize (GSource *source)
+ {
+ LdapSource *ls = (LdapSource *)source;
+
+- /* Yeah, this is pretty rough, but we don't want blocking here */
+- close (ls->sock);
+ ldap_destroy (ls->ldap);
+
++ ls->sock = -1;
++ ls->ldap = NULL;
++
+ if (ls->cancellable) {
+ g_cancellable_release_fd (ls->cancellable);
+ g_object_unref (ls->cancellable);
+--
+2.9.3
+
diff --git a/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch b/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
new file mode 100644
index 0000000..8b8f633
--- /dev/null
+++ b/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
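Review bot: The comment removed from ldap_source_finalize said the explicit close() was there to avoid blocking, and the new code drops that rationale without recording who now owns the descriptor. Because a second close() can hit a descriptor number another thread has already reused, the ownership rule belongs next to the call, e.g. `/* ldap_destroy() closes the socket itself; never close ls->sock here, the fd may already be reused */`. If a non-blocking teardown is still wanted, it presumably needs something that does not release the descriptor number, such as `shutdown (ls->sock, SHUT_RDWR);` before `ldap_destroy (ls->ldap);`. Whether ldap_destroy() can block at this point is not visible in the hunk. The function body continues past the end of the hunk.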
@@ -0,0 +1,96 @@
+From 402cbab6e8267fcd959bcfa84a47f4871b59944d Mon Sep 17 00:00:00 2001
+From: Stef Walter
+Date: Fri, 28 Oct 2016 20:27:48 +0200
+Subject: [PATCH] service: Add nss and pam sssd.conf services after joining
+
+After adding a domain to sssd.conf add the nss and pam services
+to the [sssd] block.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=98479
+---
+ service/realm-sssd-ad.c | 3 +++
+ service/realm-sssd-config.c | 2 --
+ service/realm-sssd-ipa.c | 3 +++
+ tests/test-sssd-config.c | 4 ++--
+ 4 files changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index 5ed384d..5fa81ce 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -160,6 +160,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
+ gboolean use_adcli,
+ GError **error)
+ {
++ const gchar *services[] = { "nss", "pam", NULL };
+ GString *realmd_tags;
+ const gchar *access_provider;
+ const gchar *shell;
+@@ -206,6 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
+ "ldap_sasl_authid", authid,
+ NULL);
+
++ realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
++
+ g_free (authid);
+ g_string_free (realmd_tags, TRUE);
+
+diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
+index 2096afd..d4398b9 100644
+--- a/service/realm-sssd-config.c
++++ b/service/realm-sssd-config.c
+@@ -154,8 +154,6 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
+ g_strfreev (already);
+
+ /* Setup a default sssd section */
+- if (!realm_ini_config_have (config, "section", "services"))
+- realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
+ if (!realm_ini_config_have (config, "sssd", "config_file_version"))
+ realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
+
+diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
+index b12136e..001870d 100644
+--- a/service/realm-sssd-ipa.c
++++ b/service/realm-sssd-ipa.c
+@@ -156,6 +156,7 @@ on_ipa_client_do_restart (GObject *source,
+ GAsyncResult *result,
+ gpointer user_data)
+ {
++ const gchar *services[] = { "nss", "pam", NULL };
+ GTask *task = G_TASK (user_data);
+ EnrollClosure *enroll = g_task_get_task_data (task);
+ RealmSssd *sssd = g_task_get_source_object (task);
+@@ -207,6 +208,8 @@ on_ipa_client_do_restart (GObject *source,
+ "realmd_tags", realmd_tags,
+ NULL);
+
++ realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
++
+ g_free (home);
+ }
+
+diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
+index 59eab75..892b9d5 100644
+--- a/tests/test-sssd-config.c
++++ b/tests/test-sssd-config.c
+@@ -90,7 +90,7 @@ test_add_domain (Test *test,
+ gconstpointer unused)
+ {
+ const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
+- const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
++ const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
+ GError *error = NULL;
+ gchar *output;
+ gboolean ret;
+@@ -140,7 +140,7 @@ static void
+ test_add_domain_only (Test *test,
+ gconstpointer unused)
+ {
+- const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
++ const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
+ GError *error = NULL;
+ gchar *output;
+ gboolean ret;
+--
+2.9.3
+
diff --git a/realmd.spec b/realmd.spec
index 7fb2082..1b50146 100644
--- a/realmd.spec
+++ b/realmd.spec
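Review bot: No test in this patch covers the new place where `services` is written. tests/test-sssd-config.c only drops `services = nss, pam` from the two expected strings, while the `realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);` calls added in configure_sssd_for_domain (realm-sssd-ad.c) and on_ipa_client_do_restart (realm-sssd-ipa.c) go unexercised. A join that leaves nss or pam out of the [sssd] section would presumably break identity lookups and logins, so it is worth adding a test that starts from an sssd.conf with an existing `services` line and checks that nss and pam are added while the other entries are kept. The identical `services[]` array and call are also duplicated in both files; a small shared helper would keep the AD and IPA paths from drifting apart. Both functions start and end outside their hunks.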
@@ -1,18 +1,17 @@ Name: realmd -Version: 0.16.2 -Release: 5%{?dist} +Version: 0.16.3 +Release: 1%{?dist} Summary: Kerberos realm enrollment service License: LGPLv2+ URL: http://cgit.freedesktop.org/realmd/realmd/ Source0: http://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz -Patch1: install-diagnostic.patch -Patch2: computer-ou.patch -Patch3: duplicate-test-path.patch -Patch4: 0001-Fix-invalid-unrefs-on-realm_invocation_get_cancellab.patch +Patch1: 0001-LDAP-don-t-close-LDAP-socket-twice.patch +Patch2: 0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch -BuildRequires: automake -BuildRequires: autoconf + +BuildRequires: automake +BuildRequires: autoconf BuildRequires: intltool pkgconfig BuildRequires: gettext-devel BuildRequires: glib2-devel >= 2.32.0 @@ -43,8 +42,6 @@ applications that use %{name}. %setup -q %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 %build automake --add-missing @@ -80,6 +77,9 @@ make install DESTDIR=%{buildroot} %doc ChangeLog %changelog +* Wed Nov 30 2016 Sumit Bose - 0.16.3-1 +- Updated to upstream 0.16.3 plus patches from git master + * Fri Jun 03 2016 Sumit Bose - 0.16.2-5 - properly apply patch for rhbz#1330766 - Resolves: rhbz#1330766 diff --git a/sources b/sources index f043968..bcf62d4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cc9134b25f29a0acba6bc7dfdfbd702a realmd-0.16.2.tar.gz +a8b3bf5692c4255298ae962a0c8813fa realmd-0.16.3.tar.gz