rpms
/
slapi-nis
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import slapi-nis-0.56.5-4.module+el8.3.0+8222+c1bff54a

This commit is contained in:
CentOS Sources 2020-11-03 06:53:56 -05:00 committed by Andrew Lukoshko
parent 15525bd1e0
commit 53b154d32a
10 changed files with 201 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/slapi-nis-0.56.3.tar.gz
SOURCES/slapi-nis-0.56.5.tar.gz

2
.slapi-nis.metadata
View File

@ -1 +1 @@
7768900317e79929ee8ea49ae2018d296e6441fb SOURCES/slapi-nis-0.56.3.tar.gz
3766addae0581012e6f2429270f093c3862db68c SOURCES/slapi-nis-0.56.5.tar.gz

BIN
SOURCES/slapi-nis-0.56.3.tar.gz.sig
View File

Binary file not shown.

11
SOURCES/slapi-nis-0.56.5.tar.gz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEEb9A7wQ1zA7rMdssD2m7b4Oa3L0FAl6v1FsACgkQD2m7b4Oa
3L2MLwgAuQNbDTVFDLFBP2+tAXlPnvVL6q476BMffBDVA4U1L3F1OFABMmTRfOC8
WM8m90YjkOwUIC1wvwn+Mbw2Y0YWJY3AwR2xM/3KTxd2YVqIN68nPOax0BAYMJfS
drVV8asb8Cg4uQ+xUdcrGg0mpiYbC5slTX8p8zdAMylYgXxTKRBnqZItCkQ8zgtj
+euh8gof7ORMaRVNhHFH2UsMGAHQf9JfCnnKIPWOU2NO1bKS/v7P9I5vb3dOB4gF
/88GxWAMbME8/Y7syYQ314ROCqbQybBM0T7f6xixvHFF/tgI+V36wHN6XdpadbcU
6TrOLdyrQUbSXltmFbF6N0Od5/VAXw==
=rpl9
-----END PGP SIGNATURE-----

44
SOURCES/slapi-nis-Bug-1725845-slapi-nis-crashes-when-returning-an-entr.patch
View File

@ -1,44 +0,0 @@
From e34a1220d740490a78185fb65bf575766906e419 Mon Sep 17 00:00:00 2001
From: Thierry Bordaz <tbordaz@redhat.com>
Date: Thu, 1 Aug 2019 18:23:14 +0200
Subject: [PATCH 2/2] Bug 1725845: slapi-nis crashes when returning an entry
with invalid DN
Bug Description:
On a search on compat tree, slapi-nis prepared the set of entries to return.
It stores the entries into a hashtable, using the normalized DN as a key.
If the entry contains an invalid DN, the key is invalid and triggers
a crash while adding the entry in the hashtable
https://bugzilla.redhat.com/show_bug.cgi?id=1725845
---
src/back-sch.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/back-sch.c b/src/back-sch.c
index 3f7e30f..87fa24c 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -1525,16 +1525,17 @@ backend_entries_to_return_push(struct backend_search_cbdata *cbdata, Slapi_Entry
struct entries_to_send *e_to_send = NULL;
struct cached_entry *entry = NULL;
bool_t dont_cache = FALSE;
+ void *ndn_key = (void *) slapi_entry_get_ndn(e);
PLHashTable* ht = (PLHashTable*) cbdata->state->cached_entries;
- if ((cbdata == NULL) || (e == NULL)) return;
+ if ((cbdata == NULL) || (e == NULL) || (ndn_key == NULL)) return;
e_to_send = (struct entries_to_send *) slapi_ch_calloc(1, sizeof(struct entries_to_send));
dont_cache = cbdata->state->use_entry_cache ? FALSE : TRUE;
if (!wrap_rwlock_wrlock(cbdata->state->cached_entries_lock)) {
- entry = PL_HashTableLookup(ht, slapi_entry_get_ndn(e));
+ entry = PL_HashTableLookup(ht, ndn_key);
if (entry != NULL) {
/* There is an entry in the hash table but is it the same? */
char *e_modifyTimestamp = slapi_entry_attr_get_charptr(e, "modifyTimestamp");
--
2.21.0

49
SOURCES/slapi-nis-bz1832331.patch Normal file
View File

@ -0,0 +1,49 @@
From e8c3ed416a442f5a431ca48f7ea384a6abc1fa53 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Wed, 6 May 2020 14:08:41 +0300
Subject: [PATCH] Initialize map lock in NIS plugin as well
Also if ignored_containers_sdn is NULL, we don't really need to check
whether a write could be ignored. It has to be processed, so bail out
early with FALSE.
Resolves: rhbz#1832331
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/back-shr.c | 4 ++++
src/plug-nis.c | 3 +++
2 files changed, 7 insertions(+)
diff --git a/src/back-shr.c b/src/back-shr.c
index e2b5dd3..c6a181e 100644
--- a/src/back-shr.c
+++ b/src/back-shr.c
@@ -2960,6 +2960,10 @@ backend_shr_write_ignore(Slapi_PBlock *pb)
int i = 0;
PRBool ignore = PR_FALSE;
+ if (ignored_containers_sdn == NULL) {
+ return ignore;
+ }
+
/* Check if the target DN is a subordinates of
* on of the ignored containers
*/
diff --git a/src/plug-nis.c b/src/plug-nis.c
index ee90c37..0ce4ae6 100644
--- a/src/plug-nis.c
+++ b/src/plug-nis.c
@@ -540,6 +540,9 @@ nis_plugin_init(Slapi_PBlock *pb)
"error setting up plugin\n");
return -1;
}
+
+ init_map_lock();
+
/* Read global configuration. */
if ((slapi_pblock_get(pb, SLAPI_PLUGIN_CONFIG_ENTRY,
&plugin_entry) == 0) &&
--
2.25.4

224
SOURCES/slapi-nis-fix-some-of-compiler-warnings.patch
View File

@ -1,224 +0,0 @@
From a8881e4cbb006fd317ecf89f006747c4dd1c84a4 Mon Sep 17 00:00:00 2001
From: Stanislav Levin <slev@altlinux.org>
Date: Tue, 11 Jun 2019 16:54:01 +0300
Subject: [PATCH 1/2] Fix some of compiler warnings
Signed-off-by: Stanislav Levin <slev@altlinux.org>
---
src/back-nis.c | 2 ++
src/back-sch-idview.c | 8 +++-----
src/back-sch.c | 9 ++-------
src/back-shr.c | 2 --
src/nis.c | 4 ++--
src/portmap.c | 15 ++++++++++++---
src/wrap.c | 5 +++--
tests/clients/Makefile.am | 2 +-
tests/clients/yp.c | 3 +--
yp/Makefile.am | 2 +-
10 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/src/back-nis.c b/src/back-nis.c
index 244beba..adf378e 100644
--- a/src/back-nis.c
+++ b/src/back-nis.c
@@ -849,6 +849,8 @@ backend_update_params(Slapi_PBlock *pb, struct plugin_state *state)
request_set(state->request_info, RQ_DAEMON,
DEFAULT_TCPWRAP_NAME);
}
+#else
+ (void)tmp;
#endif
use_be_txns = backend_shr_get_vattr_boolean(state, our_entry,
"nsslapd-pluginbetxn",
diff --git a/src/back-sch-idview.c b/src/back-sch-idview.c
index e83fb1d..6769e8d 100644
--- a/src/back-sch-idview.c
+++ b/src/back-sch-idview.c
@@ -56,7 +56,7 @@ void
idview_get_overrides(struct backend_search_cbdata *cbdata)
{
char *dn = NULL;
- int ret = 0, result = 0;
+ int result = 0;
const Slapi_DN *suffix = NULL;
Slapi_PBlock *pb;
@@ -76,7 +76,7 @@ idview_get_overrides(struct backend_search_cbdata *cbdata)
slapi_search_internal_set_pb(pb, dn, LDAP_SCOPE_SUBTREE,
"(objectclass=ipaOverrideAnchor)", NULL, 0,
NULL, NULL, cbdata->state->plugin_identity, 0);
- ret = slapi_search_internal_pb(pb);
+ slapi_search_internal_pb(pb);
slapi_ch_free_string(&dn);
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &result);
@@ -411,8 +411,6 @@ idview_replace_filter(struct backend_search_cbdata *cbdata)
{
struct backend_search_filter_config config =
{FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, FALSE, NULL, NULL, NULL};
- int res = 0;
-
if (cbdata->idview == NULL) {
return;
}
@@ -421,7 +419,7 @@ idview_replace_filter(struct backend_search_cbdata *cbdata)
config.callback_data = cbdata;
/* Ignore the return code as it will always be SLAPI_FILTER_SCAN_NO_MORE */
- res = backend_analyze_search_filter(cbdata->filter, &config);
+ (void)backend_analyze_search_filter(cbdata->filter, &config);
if (config.name != NULL) {
slapi_ch_free_string(&config.name);
diff --git a/src/back-sch.c b/src/back-sch.c
index f6211bc..3f7e30f 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -438,13 +438,8 @@ backend_set_operational_attributes(Slapi_Entry *e,
* plugin want to override the values using the configuration, they
* can. */
if (gmtime_r(&timestamp, &timestamp_tm) == &timestamp_tm) {
- sprintf(timestamp_str, "%04d%02d%02d%02d%02d%02dZ",
- timestamp_tm.tm_year + 1900,
- timestamp_tm.tm_mon + 1,
- timestamp_tm.tm_mday,
- timestamp_tm.tm_hour,
- timestamp_tm.tm_min,
- timestamp_tm.tm_sec);
+ strftime(timestamp_str, sizeof(timestamp_str),
+ "%Y%m%d%H%M%SZ", &timestamp_tm);
slapi_entry_add_string(e, "createTimestamp", timestamp_str);
slapi_entry_add_string(e, "modifyTimestamp", timestamp_str);
}
diff --git a/src/back-shr.c b/src/back-shr.c
index 472846a..0c29d1f 100644
--- a/src/back-shr.c
+++ b/src/back-shr.c
@@ -780,8 +780,6 @@ static void
backend_shr_data_initialize_thread(time_t when, void *arg)
{
struct backend_shr_data_init_cbdata *cbdata = (struct backend_shr_data_init_cbdata *)arg;
- PRThread *thread = NULL;
-
if (slapi_is_shutting_down()) {
return;
}
diff --git a/src/nis.c b/src/nis.c
index 82b4c63..845c9da 100644
--- a/src/nis.c
+++ b/src/nis.c
@@ -967,7 +967,7 @@ nis_process_request(struct plugin_state *state,
AUTH *request_auth, *reply_auth;
char auth_buf[MAX_AUTH_BYTES];
struct rpc_msg request, reply;
- int auth_flavor, auth_len;
+ int auth_flavor;
struct ypresp_val reply_val;
struct ypresp_key_val reply_key_val;
struct ypresp_all reply_all;
@@ -1057,7 +1057,7 @@ nis_process_request(struct plugin_state *state,
}
auth_marshall(reply_auth, &auth_xdrs);
auth_destroy(reply_auth);
- auth_len = xdr_getpos(&auth_xdrs);
+ (void)xdr_getpos(&auth_xdrs);
xdr_destroy(&auth_xdrs);
slapi_log_error(SLAPI_LOG_PLUGIN, state->plugin_desc->spd_id,
"built reply authenticator\n");
diff --git a/src/portmap.c b/src/portmap.c
index f2e009e..bf700d9 100644
--- a/src/portmap.c
+++ b/src/portmap.c
@@ -77,7 +77,8 @@ slapi_log_error(int i, char *f, char *fmt, ...)
int
main(int argc, char **argv)
{
- int s, ret, port;
+ int s, port;
+ int ret __attribute__ ((unused));
s = socket(PF_INET, SOCK_DGRAM, 0);
if (s == -1) {
printf("error allocating socket\n");
@@ -94,8 +95,16 @@ main(int argc, char **argv)
printf("error creating portmap/rpcbind client socket\n");
return 1;
}
- setregid(2516, 2516);
- setreuid(2510, 2510);
+ if (setregid(2516, 2516) == -1) {
+ printf("error setting real and effective group id %s\n",
+ strerror(errno));
+ return 1;
+ }
+ if (setreuid(2510, 2510) == -1) {
+ printf("error setting real and effective user id %s\n",
+ strerror(errno));
+ return 1;
+ }
sleep(60);
portmap_unregister("portmap", &s, port, YPPROG, YPVERS,
AF_INET, IPPROTO_TCP, 0);
diff --git a/src/wrap.c b/src/wrap.c
index f8056a4..2905f84 100644
--- a/src/wrap.c
+++ b/src/wrap.c
@@ -153,13 +153,14 @@ void *
wrap_stop_thread(struct wrapped_thread *t)
{
void *returned = NULL;
+ int ret __attribute__ ((unused));
#ifdef USE_PTHREADS
- write(t->stopfd[1], "", 1);
+ ret = write(t->stopfd[1], "", 1);
close(t->stopfd[1]);
pthread_join(t->tid, &returned);
#endif
#ifdef USE_NSPR_THREADS
- write(t->stopfd[1], "", 1);
+ ret = write(t->stopfd[1], "", 1);
close(t->stopfd[1]);
PR_JoinThread(t->tid);
returned = t->args.result;
diff --git a/tests/clients/Makefile.am b/tests/clients/Makefile.am
index b5326da..6415d02 100644
--- a/tests/clients/Makefile.am
+++ b/tests/clients/Makefile.am
@@ -12,7 +12,7 @@ yp.h: ../../yp/yp.x
$(RPCGEN) -h -o $@ $^
yp_xdr.c: ../../yp/yp.x
$(RM) -f $@
- $(RPCGEN) -c -o $@ $^
+ $(RPCGEN) -c -i 0 -o $@ $^
yp_clnt.c: ../../yp/yp.x
$(RM) -f $@
$(RPCGEN) -l -o $@ $^
diff --git a/tests/clients/yp.c b/tests/clients/yp.c
index bc2da1f..88d2b81 100644
--- a/tests/clients/yp.c
+++ b/tests/clients/yp.c
@@ -164,8 +164,7 @@ writejunk(char *fd, char *data, int size)
static int
all(CLIENT *client, FILE *output, int argc, char **argv)
{
- ypresp_all *ret;
- int i, sock;
+ int sock;
ypreq_nokey nokey;
struct rpc_msg req, rep;
struct ypresp_all resp;
diff --git a/yp/Makefile.am b/yp/Makefile.am
index a75aa22..a4b4e4b 100644
--- a/yp/Makefile.am
+++ b/yp/Makefile.am
@@ -7,7 +7,7 @@ yp.h: yp.x
$(RPCGEN) -h -o $@ $^
yp_xdr.c: yp.x
$(RM) -f $@
- $(RPCGEN) -c -o $@ $^
+ $(RPCGEN) -c -i 0 -o $@ $^
yp_clnt.c: yp.x
$(RM) -f $@
$(RPCGEN) -l -o $@ $^
--
2.21.0

61
SOURCES/slapi-nis-fix-valgrind-issues.patch Normal file
View File

@ -0,0 +1,61 @@
From dbe1e300171e04cc328a4f31d0bffcac056e7cfa Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Mon, 31 Aug 2020 16:53:47 +0300
Subject: [PATCH] idviews: clear intermediate target DN in all cases
When processing a search request, slapi-nis attempts to detect an ID
View lookup. A target DN is modified by extracting an ID view name. This
temporary string is freed in the successful case but left unotouched if
ID View wasn't requested. As a result, small leaks on each search
request accumulate and a memory can get lost.
Resolves: rhbz#1866113
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
src/back-sch.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/back-sch.c b/src/back-sch.c
index 03abbeb..f8b04a3 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -1767,6 +1767,7 @@ backend_search_cb(Slapi_PBlock *pb)
/* Perform another check, now for rewritten DN */
cbdata.target_dn = slapi_sdn_new_dn_byval(target);
map_data_foreach_domain(cbdata.state, backend_search_find_set_dn_cb, &cbdata);
+
/* Rewritten DN might still be outside of our trees */
if (cbdata.answer == TRUE) {
slapi_log_error(SLAPI_LOG_PLUGIN, cbdata.state->plugin_desc->spd_id,
@@ -1774,19 +1775,21 @@ backend_search_cb(Slapi_PBlock *pb)
"for \"%s\" with scope %d%s. Filter may get overridden later.\n",
cbdata.idview, target, cbdata.strfilter, cbdata.scope,
backend_sch_scope_as_string(cbdata.scope));
- } else {
- slapi_sdn_free(&cbdata.target_dn);
- slapi_ch_free_string(&target);
- slapi_ch_free_string(&cbdata.idview);
+ }
+
+ slapi_sdn_free(&cbdata.target_dn);
+ slapi_ch_free_string(&cbdata.idview);
+
+ if (cbdata.answer == FALSE) {
slapi_log_error(SLAPI_LOG_PLUGIN,
cbdata.state->plugin_desc->spd_id,
"The search base didn't match any of the containers, "
"ignoring search\n");
+ slapi_ch_free_string(&target);
return 0;
}
- } else {
- slapi_ch_free_string(&target);
}
+ slapi_ch_free_string(&target);
}
cbdata.answer = FALSE;
#endif
--
2.26.2

53
SOURCES/slapi-nis-ignore-unmatched-searches.patch Normal file
View File

@ -0,0 +1,53 @@
From 61ea8f6a104da25329e301a8f56944f860de8177 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Sat, 12 Sep 2020 12:00:22 +0300
Subject: [PATCH] Ignore searches that do not match any of configured tree
Resolves: rhbz#1874015
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
---
slapi-nis.spec | 5 ++++-
src/back-sch.c | 4 ++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/slapi-nis.spec b/slapi-nis.spec
index 3eb3e37..8bde325 100644
--- a/slapi-nis.spec
+++ b/slapi-nis.spec
@@ -11,7 +11,7 @@
Name: slapi-nis
Version: 0.56.5
-Release: 1%{?dist}
+Release: 3%{?dist}
Summary: NIS Server and Schema Compatibility plugins for Directory Server
License: GPLv2
URL: http://pagure.io/slapi-nis/
@@ -81,6 +81,9 @@ make check
%{_sbindir}/nisserver-plugin-defs
%changelog
+* Sat Sep 12 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-3
+- Ignore searches which don't match any configured map
+
* Mon May 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-1
- New upstream release
- Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
diff --git a/src/back-sch.c b/src/back-sch.c
index f8b04a3..a5e4c04 100644
--- a/src/back-sch.c
+++ b/src/back-sch.c
@@ -1790,6 +1790,10 @@ backend_search_cb(Slapi_PBlock *pb)
}
}
slapi_ch_free_string(&target);
+ if (cbdata.answer == FALSE) {
+ /* None of the configured trees in the sets matched the target at all, ignore search */
+ return 0;
+ }
}
cbdata.answer = FALSE;
#endif
--
2.26.2

31
SPECS/slapi-nis.spec
View File

@ -10,16 +10,17 @@
%endif
Name: slapi-nis
Version: 0.56.3
Release: 2%{?dist}
Version: 0.56.5
Release: 4%{?dist}
Summary: NIS Server and Schema Compatibility plugins for Directory Server
Group: System Environment/Daemons
License: GPLv2
URL: http://pagure.io/slapi-nis/
Source0: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz
Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.sig
Patch1: slapi-nis-fix-some-of-compiler-warnings.patch
Patch2: slapi-nis-Bug-1725845-slapi-nis-crashes-when-returning-an-entr.patch
Source1: https://releases.pagure.org/slapi-nis/slapi-nis-%{version}.tar.gz.asc
Patch1: slapi-nis-bz1832331.patch
Patch2: slapi-nis-fix-valgrind-issues.patch
Patch3: slapi-nis-ignore-unmatched-searches.patch
BuildRequires: autoconf
BuildRequires: automake
@ -35,7 +36,7 @@ BuildRequires: libsss_nss_idmap-devel > 1.16.0-5
BuildRequires: pam-devel
%if (0%{?fedora} > 14 && 0%{?fedora} < 28) || (0%{?rhel} > 6 && 0%{?rhel} < 8)
BuildRequires: libtirpc-devel
%else:
%else
BuildRequires: libnsl2-devel
%endif
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
@ -60,6 +61,7 @@ for attributes from multiple entries in the tree.
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
autoconf --force
@ -88,6 +90,23 @@ make check
%{_sbindir}/nisserver-plugin-defs
%changelog
* Mon Sep 14 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-4
- Ignore unmatched searches
- Resolves: rhbz#1874015
* Thu Sep 10 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-3
- Fix memory leaks in ID views processing
- Resolves: rhbz#1875348
* Wed May 06 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-2
- Initialize map lock in NIS plugin
- Resolves: rhbz#1832331
* Mon May 04 2020 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.5-1
- Upstream release 0.56.5
- Resolves: rhbz#1751295: (2) When sync-repl is enabled, slapi-nis can deadlock during retrochanglog trimming
- Resolves: rhbz#1768156: ERR - schemacompat - map rdlock: old way MAP_MONITOR_DISABLED
* Fri Aug 16 2019 Alexander Bokovoy <abokovoy@redhat.com> - 0.56.3-2
- Resolves rhbz#1741881
ns-slapd is crashing intermittently