rpms/sssd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to latest released upstream version 2.2.2

Browse Source
This commit is contained in:
Michal Židek 2019-08-28 10:15:03 +02:00
parent e35ea7dfd4
commit 0aaf839d04
6 changed files with 11 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -83,3 +83,5 @@ sssd-1.2.91.tar.gz
/sssd-2.0.0.tar.gz
/sssd-2.1.0.tar.gz
/sssd-2.2.0.tar.gz
/sssd-2.2.1.tar.gz
/sssd-2.2.2.tar.gz

133
0001-PROXY-Return-data-in-output-parameter-if-everything-.patch
View File

@ -1,133 +0,0 @@
From e1b678c0cce73494d986610920b03956c1dbb62a Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Fri, 28 Jun 2019 16:27:21 +0200
Subject: [PATCH] PROXY: Return data in output parameter if everything is OK
The function remove_duplicate_group_members might return EOK also in the middle
of function but return parameter was not set with right data.
Processing continued in the function save_group but there was a
dereference of NULL pointer.
Introduced in: https://pagure.io/SSSD/sssd/issue/3931
Crash:
(gdb) bt
#0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap",
alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748
#1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=<optimized out>,
ctx=<optimized out>) at src/providers/proxy/proxy_id.c:1160
#2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0)
at src/providers/proxy/proxy_id.c:1553
#3 get_initgr (i_name=<optimized out>, dom=0x55c9a0efb420, sysdb=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461
#4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=<optimized out>, data=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659
#5 proxy_account_info_handler_send (mem_ctx=<optimized out>, id_ctx=0x55c9a0f048e0, data=<optimized out>, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758
#6 0x000055c99fc67677 in file_dp_request (_dp_req=<synthetic pointer>, req=0x55c9a0f39470, request_data=<optimized out>, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID,
name=<optimized out>, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=<optimized out>) at src/providers/data_provider/dp_request.c:250
#7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=<optimized out>, target=target@entry=DPT_ID,
method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295
#8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=<optimized out>, ev=0x55c9a0eddbc0, sbus_req=<optimized out>, provider=0x55c9a0efe0e0, dp_flags=1,
entry_type=<optimized out>, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528
#9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=<optimized out>, tv=..., private_data=<optimized out>) at src/sss_iface/sbus_sss_invokers.c:2847
#10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0
#11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
#12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0
#13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0
#14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0
#15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0
#17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724
#18 0x000055c99fc59760 in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:747
(gdb) l
(gdb) bt
#0 0x00007fb4ce4a9ac5 in save_group (sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, grp=grp@entry=0x55c9a0f370f0, real_name=0x55c9a0f47340 "nobody@ldap",
alias=alias@entry=0x0) at src/providers/proxy/proxy_id.c:748
#1 0x00007fb4ce4aa600 in get_gr_gid (mem_ctx=mem_ctx@entry=0x55c9a0f38be0, sysdb=sysdb@entry=0x55c9a0efb230, dom=dom@entry=0x55c9a0efb420, gid=99, now=<optimized out>,
ctx=<optimized out>) at src/providers/proxy/proxy_id.c:1160
#2 0x00007fb4ce4ac9e5 in get_initgr_groups_process (pwd=0x55c9a0f384a0, pwd=0x55c9a0f384a0, dom=0x55c9a0efb420, sysdb=0x55c9a0efb230, ctx=0x55c9a0f048e0, memctx=0x55c9a0f38be0)
at src/providers/proxy/proxy_id.c:1553
#3 get_initgr (i_name=<optimized out>, dom=0x55c9a0efb420, sysdb=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1461
#4 proxy_account_info (domain=0x55c9a0efb420, be_ctx=<optimized out>, data=<optimized out>, ctx=0x55c9a0f048e0, mem_ctx=0x55c9a0f38b70) at src/providers/proxy/proxy_id.c:1659
#5 proxy_account_info_handler_send (mem_ctx=<optimized out>, id_ctx=0x55c9a0f048e0, data=<optimized out>, params=0x55c9a0f39790) at src/providers/proxy/proxy_id.c:1758
#6 0x000055c99fc67677 in file_dp_request (_dp_req=<synthetic pointer>, req=0x55c9a0f39470, request_data=<optimized out>, dp_flags=1, method=DPM_ACCOUNT_HANDLER, target=DPT_ID,
name=<optimized out>, domainname=0x55c9a0f39190 "LDAP", provider=0x55c9a0efe0e0, mem_ctx=<optimized out>) at src/providers/data_provider/dp_request.c:250
#7 dp_req_send (mem_ctx=0x55c9a0f37b60, provider=provider@entry=0x55c9a0efe0e0, domain=domain@entry=0x55c9a0f39190 "LDAP", name=<optimized out>, target=target@entry=DPT_ID,
method=method@entry=DPM_ACCOUNT_HANDLER, dp_flags=dp_flags@entry=1, request_data=0x55c9a0f37c00, _request_name=0x55c9a0f37b60) at src/providers/data_provider/dp_request.c:295
#8 0x000055c99fc6a132 in dp_get_account_info_send (mem_ctx=<optimized out>, ev=0x55c9a0eddbc0, sbus_req=<optimized out>, provider=0x55c9a0efe0e0, dp_flags=1,
entry_type=<optimized out>, filter=0x55c9a0f358d0 "name=nobody@ldap", domain=0x55c9a0f39190 "LDAP", extra=0x55c9a0f354a0 "") at src/providers/data_provider/dp_target_id.c:528
#9 0x00007fb4da35265b in _sbus_sss_invoke_in_uusss_out_qus_step (ev=0x55c9a0eddbc0, te=<optimized out>, tv=..., private_data=<optimized out>) at src/sss_iface/sbus_sss_invokers.c:2847
#10 0x00007fb4d9cfb1cf in tevent_common_invoke_timer_handler () from /lib64/libtevent.so.0
#11 0x00007fb4d9cfb339 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
#12 0x00007fb4d9cfc2f9 in epoll_event_loop_once () from /lib64/libtevent.so.0
#13 0x00007fb4d9cfa7b7 in std_event_loop_once () from /lib64/libtevent.so.0
#14 0x00007fb4d9cf5b5d in _tevent_loop_once () from /lib64/libtevent.so.0
#15 0x00007fb4d9cf5d8b in tevent_common_loop_wait () from /lib64/libtevent.so.0
#16 0x00007fb4d9cfa757 in std_event_loop_wait () from /lib64/libtevent.so.0
#17 0x00007fb4dd955ac3 in server_loop (main_ctx=0x55c9a0edf090) at src/util/server.c:724
#18 0x000055c99fc59760 in main (argc=8, argv=<optimized out>) at src/providers/data_provider_be.c:747
(gdb) l
733 ret = remove_duplicate_group_members(tmp_ctx, grp, &ngroup);
734 if (ret != EOK) {
735 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to remove duplicate group member s\n");
736 goto done;
737 }
738
739 DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, ngroup);
740
741 ret = sysdb_transaction_start(sysdb);
742 if (ret != EOK) {
743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
744 goto done;
745 }
746 in_transaction = true;
747
748 if (ngroup->gr_mem && ngroup->gr_mem[0]) {
749 attrs = sysdb_new_attrs(tmp_ctx);
750 if (!attrs) {
751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n");
752 ret = ENOMEM;
(gdb) p ngroup
$1 = (struct group *) 0x0
743 DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
744 goto done;
745 }
746 in_transaction = true;
747
748 if (ngroup->gr_mem && ngroup->gr_mem[0]) {
749 attrs = sysdb_new_attrs(tmp_ctx);
750 if (!attrs) {
751 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error?!\n");
752 ret = ENOMEM;
(gdb) p ngroup
$1 = (struct group *) 0x0
Merges: https://pagure.io/SSSD/sssd/pull-request/4036
Resolves:
https://pagure.io/SSSD/sssd/issue/4037
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/proxy/proxy_id.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index e1be29076..91105ce5a 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -698,10 +698,12 @@ static errno_t remove_duplicate_group_members(TALLOC_CTX *mem_ctx,
}
grp->gr_mem[i] = NULL;
- *_grp = talloc_steal(mem_ctx, grp);
ret = EOK;
done:
+ if (ret == EOK) {
+ *_grp = talloc_steal(mem_ctx, grp);
+ }
talloc_zfree(tmp_ctx);
return ret;
--
2.20.1

106
0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch
View File

@ -1,106 +0,0 @@
From 0a10d863f4186a18d4622e72065c8aa66b6bfa17 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 18 Jun 2019 21:21:08 +0200
Subject: [PATCH] MONITOR: Don't check for the nscd socket while regenerating
configuration
https://pagure.io/SSSD/sssd/issue/4028
In setups where only sssd-kcm is used and not the rest of SSSD, seeing
the nscd warning might be irritating.
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
src/monitor/monitor.c | 69 ++++++++++++++++++++++---------------------
1 file changed, 35 insertions(+), 34 deletions(-)
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 33a28a09f..d3f8c8878 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2480,40 +2480,8 @@ int main(int argc, const char *argv[])
}
#endif
- /* Warn if nscd seems to be running */
- ret = check_file(NSCD_SOCKET_PATH,
- -1, -1, S_IFSOCK, S_IFMT, NULL, false);
- if (ret == EOK) {
- ret = sss_nscd_parse_conf(NSCD_CONF_PATH);
-
- switch (ret) {
- case ENOENT:
- sss_log(SSS_LOG_NOTICE,
- "NSCD socket was detected. NSCD caching capabilities "
- "may conflict with SSSD for users and groups. It is "
- "recommended not to run NSCD in parallel with SSSD, "
- "unless NSCD is configured not to cache the passwd, "
- "group, netgroup and services nsswitch maps.");
- break;
-
- case EEXIST:
- sss_log(SSS_LOG_NOTICE,
- "NSCD socket was detected and seems to be configured "
- "to cache some of the databases controlled by "
- "SSSD [passwd,group,netgroup,services]. It is "
- "recommended not to run NSCD in parallel with SSSD, "
- "unless NSCD is configured not to cache these.");
- break;
-
- case EOK:
- DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it "
- "seems to be configured not to interfere with "
- "SSSD's caching capabilities\n");
- }
- }
-
- /* Check if the SSSD is already running unless we're only interested
- * in re-reading the configuration
+ /* Check if the SSSD is already running and for nscd conflicts unless we're
+ * only interested in re-reading the configuration
*/
if (opt_genconf == 0) {
ret = check_file(SSSD_PIDFILE, 0, 0, S_IFREG|0600, 0, NULL, false);
@@ -2523,6 +2491,39 @@ int main(int argc, const char *argv[])
ERROR("SSSD is already running\n");
return 2;
}
+
+ /* Warn if nscd seems to be running */
+ ret = check_file(NSCD_SOCKET_PATH,
+ -1, -1, S_IFSOCK, S_IFMT, NULL, false);
+ if (ret == EOK) {
+ ret = sss_nscd_parse_conf(NSCD_CONF_PATH);
+
+ switch (ret) {
+ case ENOENT:
+ sss_log(SSS_LOG_NOTICE,
+ "NSCD socket was detected. NSCD caching capabilities "
+ "may conflict with SSSD for users and groups. It is "
+ "recommended not to run NSCD in parallel with SSSD, "
+ "unless NSCD is configured not to cache the passwd, "
+ "group, netgroup and services nsswitch maps.");
+ break;
+
+ case EEXIST:
+ sss_log(SSS_LOG_NOTICE,
+ "NSCD socket was detected and seems to be configured "
+ "to cache some of the databases controlled by "
+ "SSSD [passwd,group,netgroup,services]. It is "
+ "recommended not to run NSCD in parallel with SSSD, "
+ "unless NSCD is configured not to cache these.");
+ break;
+
+ case EOK:
+ DEBUG(SSSDBG_TRACE_FUNC, "NSCD socket was detected and it "
+ "seems to be configured not to interfere with "
+ "SSSD's caching capabilities\n");
+ }
+ }
+
}
/* Parse config file, fail if cannot be done */
--
2.20.1

2
0502-SYSTEMD-Use-capabilities.patch
View File

@ -17,9 +17,9 @@ index 0c515d34caaa3ea397c4c7e95eef0188df170840..252889dbb2b7b1e651966258e7b76eab
NotifyAccess=main
PIDFile=@pidpath@/sssd.pid
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
Restart=on-failure
[Install]
WantedBy=multi-user.target
--
2.15.1

2
sources
View File

@ -1 +1 @@
SHA512 (sssd-2.2.0.tar.gz) = 9ebd8784e1f0c72cb808bbc153c0b0aa9bf507938f78336a260073a89b49350dc2c6172653509738ea7a50bb9da596725e1d6c92f99c7a03308aa42f6378dbbb
SHA512 (sssd-2.2.2.tar.gz) = 4cce8fdbcc05d1469dad5ba987cb0f9bc33702b37f85e8e248975461bb50b0740fec92ff213bdb640b506405be7ead936ff253ab02d4a27205ddf20cc0e54801

11
sssd.spec
View File

@ -35,16 +35,14 @@
%endif
Name: sssd
Version: 2.2.0
Release: 6%{?dist}
Version: 2.2.2
Release: 1%{?dist}
Summary: System Security Services Daemon
License: GPLv3+
URL: https://pagure.io/SSSD/sssd/
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
### Patches ###
Patch0001: 0001-PROXY-Return-data-in-output-parameter-if-everything-.patch
Patch0002: 0002-MONITOR-Don-t-check-for-the-nscd-socket-while-regene.patch
### Downstream only patches ###
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
@ -1069,6 +1067,11 @@ fi
%{_libdir}/%{name}/modules/libwbclient.so
%changelog
* Wed Sep 11 2019 Michal Židek <mzidek@redhat.com> - 2.2.2-1
- Update to latest released upstream version
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_2.html
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_2_2_1.html
* Mon Aug 26 2019 Stephen Gallagher <sgallagh@redhat.com> - 2.2.0-6
- Rebuilding for libldb 2.0.5