diff --git a/0001-Makefile-remove-unneeded-dependency.patch b/0001-Makefile-remove-unneeded-dependency.patch
new file mode 100644
index 0000000..271a5d8
--- /dev/null
+++ b/0001-Makefile-remove-unneeded-dependency.patch
@@ -0,0 +1,51 @@
+From 4e9e83210601043abab6098f2bda67ae6704fe3e Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov
+Date: Thu, 21 Jul 2022 20:16:32 +0200
+Subject: [PATCH] Makefile: remove unneeded dependency
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Justin Stephenson
+Reviewed-by: Pavel Březina
+(cherry picked from commit c6226c2986ffae9ed17562eb40407367ca37d23f)
+---
+ Makefile.am | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 669a0fc56..92d046888 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -1766,12 +1766,10 @@ sssd_kcm_CFLAGS = \
+ $(KRB5_CFLAGS) \
+ $(UUID_CFLAGS) \
+ $(CURL_CFLAGS) \
+- $(JANSSON_CFLAGS) \
+ $(NULL)
+ sssd_kcm_LDADD = \
+ $(LIBADD_DL) \
+ $(KRB5_LIBS) \
+- $(JANSSON_LIBS) \
+ $(SSSD_LIBS) \
+ $(UUID_LIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+@@ -3792,7 +3790,6 @@ test_kcm_marshalling_CFLAGS = \
+ $(UUID_CFLAGS) \
+ $(NULL)
+ test_kcm_marshalling_LDADD = \
+- $(JANSSON_LIBS) \
+ $(UUID_LIBS) \
+ $(KRB5_LIBS) \
+ $(CMOCKA_LIBS) \
+@@ -3855,7 +3852,6 @@ test_kcm_renewals_LDFLAGS = \
+ test_kcm_renewals_LDADD = \
+ $(LIBADD_DL) \
+ $(UUID_LIBS) \
+- $(JANSSON_LIBS) \
+ $(KRB5_LIBS) \
+ $(CARES_LIBS) \
+ $(CMOCKA_LIBS) \
+--
+2.37.1
+
diff --git a/0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch b/0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
new file mode 100644
index 0000000..6caa8fc
--- /dev/null
+++ b/0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch
@@ -0,0 +1,155 @@
+From 03142f8de42faf4f75465d24d3be9a49c2dd86f7 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov
+Date: Fri, 29 Jul 2022 14:57:20 +0200
+Subject: [PATCH] CLIENT:MC: store context mutex outside of context as it
+ should survive context destruction / re-initialization
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Iker Pedrosa
+Reviewed-by: Pavel Březina
+(cherry picked from commit 0f3a761ed9d654a61f8caed8eae3863c518b9911)
+---
+ src/sss_client/nss_mc.h | 4 ++--
+ src/sss_client/nss_mc_common.c | 10 ++++++++--
+ src/sss_client/nss_mc_group.c | 5 +++++
+ src/sss_client/nss_mc_initgr.c | 5 +++++
+ src/sss_client/nss_mc_passwd.c | 5 +++++
+ src/sss_client/nss_mc_sid.c | 5 +++++
+ 6 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h
+index b66e8f09f..de1496ccc 100644
+--- a/src/sss_client/nss_mc.h
++++ b/src/sss_client/nss_mc.h
+@@ -48,7 +48,7 @@ enum sss_mc_state {
+ struct sss_cli_mc_ctx {
+ enum sss_mc_state initialized;
+ #if HAVE_PTHREAD
+- pthread_mutex_t mutex;
++ pthread_mutex_t *mutex;
+ #endif
+ int fd;
+
+@@ -67,7 +67,7 @@ struct sss_cli_mc_ctx {
+ };
+
+ #if HAVE_PTHREAD
+-#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, PTHREAD_MUTEX_INITIALIZER, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
++#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
+ #else
+ #define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, 1, 0, NULL, 0, NULL, 0, NULL, 0, 0}
+ #endif
+diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c
+index c73a93a9a..f38a4a85a 100644
+--- a/src/sss_client/nss_mc_common.c
++++ b/src/sss_client/nss_mc_common.c
+@@ -58,14 +58,14 @@ do { \
+ static void sss_mt_lock(struct sss_cli_mc_ctx *ctx)
+ {
+ #if HAVE_PTHREAD
+- pthread_mutex_lock(&ctx->mutex);
++ pthread_mutex_lock(ctx->mutex);
+ #endif
+ }
+
+ static void sss_mt_unlock(struct sss_cli_mc_ctx *ctx)
+ {
+ #if HAVE_PTHREAD
+- pthread_mutex_unlock(&ctx->mutex);
++ pthread_mutex_unlock(ctx->mutex);
+ #endif
+ }
+
+@@ -131,6 +131,9 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx)
+ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx)
+ {
+ uint32_t active_threads = ctx->active_threads;
++#if HAVE_PTHREAD
++ pthread_mutex_t *mutex = ctx->mutex;
++#endif
+
+ if ((ctx->mmap_base != NULL) && (ctx->mmap_size != 0)) {
+ munmap(ctx->mmap_base, ctx->mmap_size);
+@@ -143,6 +146,9 @@ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx)
+
+ /* restore count of active threads */
+ ctx->active_threads = active_threads;
++#if HAVE_PTHREAD
++ ctx->mutex = mutex;
++#endif
+ }
+
+ static errno_t sss_nss_mc_init_ctx(const char *name,
+diff --git a/src/sss_client/nss_mc_group.c b/src/sss_client/nss_mc_group.c
+index 2ea40c435..d4f2a82ab 100644
+--- a/src/sss_client/nss_mc_group.c
++++ b/src/sss_client/nss_mc_group.c
+@@ -29,7 +29,12 @@
+ #include "nss_mc.h"
+ #include "shared/safealign.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t gr_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx gr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&gr_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx gr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
+ struct group *result,
+diff --git a/src/sss_client/nss_mc_initgr.c b/src/sss_client/nss_mc_initgr.c
+index b05946263..bd7282935 100644
+--- a/src/sss_client/nss_mc_initgr.c
++++ b/src/sss_client/nss_mc_initgr.c
+@@ -32,7 +32,12 @@
+ #include "nss_mc.h"
+ #include "shared/safealign.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t initgr_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx initgr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&initgr_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx initgr_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
+ long int *start, long int *size,
+diff --git a/src/sss_client/nss_mc_passwd.c b/src/sss_client/nss_mc_passwd.c
+index 01c6801da..256d48444 100644
+--- a/src/sss_client/nss_mc_passwd.c
++++ b/src/sss_client/nss_mc_passwd.c
+@@ -28,7 +28,12 @@
+ #include
+ #include "nss_mc.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t pw_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx pw_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&pw_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx pw_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t sss_nss_mc_parse_result(struct sss_mc_rec *rec,
+ struct passwd *result,
+diff --git a/src/sss_client/nss_mc_sid.c b/src/sss_client/nss_mc_sid.c
+index af7d7bbd5..52e684da5 100644
+--- a/src/sss_client/nss_mc_sid.c
++++ b/src/sss_client/nss_mc_sid.c
+@@ -30,7 +30,12 @@
+ #include "util/mmap_cache.h"
+ #include "idmap/sss_nss_idmap.h"
+
++#if HAVE_PTHREAD
++static pthread_mutex_t sid_mc_ctx_mutex = PTHREAD_MUTEX_INITIALIZER;
++static struct sss_cli_mc_ctx sid_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER(&sid_mc_ctx_mutex);
++#else
+ static struct sss_cli_mc_ctx sid_mc_ctx = SSS_CLI_MC_CTX_INITIALIZER;
++#endif
+
+ static errno_t mc_get_sid_by_typed_id(uint32_t id, enum sss_id_type object_type,
+ char **sid, uint32_t *type,
+--
+2.37.1
+
diff --git a/0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch b/0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
new file mode 100644
index 0000000..965ceaa
--- /dev/null
+++ b/0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch
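Review bot: In `sss_nss_mc_destroy_ctx` (nss_mc_common.c) `ctx->mutex` is copied to a local and written back at the end, so the pointer may hold a different value for part of the function; the lines between the two inner hunks are not shown, but if they clear the whole struct the pointer is briefly NULL. `sss_mt_lock()` has to read `ctx->mutex` before it can hold the lock, so a second thread entering at that moment would hand NULL to `pthread_mutex_lock()`, and this code runs inside every process that loads the NSS client. It would be safer never to write the pointer after static initialisation: reset the other members individually and drop the save/restore. If the save/restore stays, a comment such as `/* the mutex outlives the context: it must survive the reset below */` should say why it is there.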
@@ -0,0 +1,36 @@
+From 49eb871847a94311bbd2190a315230e4bae1ea2c Mon Sep 17 00:00:00 2001
+From: Justin Stephenson
+Date: Mon, 1 Aug 2022 09:54:51 -0400
+Subject: [PATCH] CACHE_REQ: Fix hybrid lookup log spamming
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Skip calling cache_req_data_set_hybrid_lookup() when hybrid data
+is NULL for certain NSS request types (e.g. Service by Name).
+
+Reviewed-by: Alexey Tikhonov
+Reviewed-by: Pavel Březina
+(cherry picked from commit 96a1dce8096d45e986ab01aaac11d8c77c36d1d7)
+---
+ src/responder/nss/nss_get_object.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c
+index 9762d6bfe..5a2e7e9bd 100644
+--- a/src/responder/nss/nss_get_object.c
++++ b/src/responder/nss/nss_get_object.c
+@@ -171,7 +171,9 @@ hybrid_domain_retry_data(TALLOC_CTX *mem_ctx,
+ input_name);
+ }
+
+- cache_req_data_set_hybrid_lookup(hybrid_data, true);
++ if (hybrid_data != NULL) {
++ cache_req_data_set_hybrid_lookup(hybrid_data, true);
++ }
+
+ return hybrid_data;
+ }
+--
+2.37.1
+
diff --git a/0004-Analyzer-Fix-escaping-raw-fstring.patch b/0004-Analyzer-Fix-escaping-raw-fstring.patch
new file mode 100644
index 0000000..7f87ccc
--- /dev/null
+++ b/0004-Analyzer-Fix-escaping-raw-fstring.patch
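Review bot: The new guard at the end of `hybrid_domain_retry_data()` does not say which NULL it is meant for: the commit message describes request types that have no hybrid data by design, but a failed allocation in the call above would presumably take the same silent path. A comment on the guard would record the intent, for example `/* NULL is expected for request types without a hybrid lookup (e.g. service by name) */`. The start of the function and its callers are outside the hunk, so it is worth confirming that every caller treats a NULL return as "no retry" and does not dereference it.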
@@ -0,0 +1,30 @@ +From f90205831c44cc2849c7221e5117b6af808411c3 Mon Sep 17 00:00:00 2001 +From: Justin Stephenson +Date: Thu, 14 Jul 2022 11:21:04 -0400 +Subject: [PATCH] Analyzer: Fix escaping raw fstring + +Reviewed-by: Alexey Tikhonov +Reviewed-by: Iker Pedrosa +(cherry picked from commit 3d8622031b5240e215201aae1f9c9d05624cca19) +--- + src/tools/analyzer/modules/request.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py +index b8dd9b25c..935e13adc 100644 +--- a/src/tools/analyzer/modules/request.py ++++ b/src/tools/analyzer/modules/request.py +@@ -243,8 +243,8 @@ class RequestAnalyzer: + be_results = False + component = source.Component.NSS + resp = "nss" +- pattern = [rf'REQ_TRACE.*\[CID #{cid}\\]'] +- pattern.append(rf"\[CID#{cid}\\]") ++ pattern = [rf'REQ_TRACE.*\[CID #{cid}\]'] ++ pattern.append(rf"\[CID#{cid}\]") + + if args.pam: + component = source.Component.PAM +-- +2.37.1 + diff --git a/sssd.spec b/sssd.spec index b1c0884..0492d5b 100644 --- a/sssd.spec +++ b/sssd.spec @@ -27,14 +27,17 @@ Name: sssd Version: 2.7.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: System Security Services Daemon License: GPLv3+ URL: https://github.com/SSSD/sssd/ Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz ### Patches ### -#Patch0001: +Patch0001: 0001-Makefile-remove-unneeded-dependency.patch +Patch0002: 0002-CLIENT-MC-store-context-mutex-outside-of-context-as-.patch +Patch0003: 0003-CACHE_REQ-Fix-hybrid-lookup-log-spamming.patch +Patch0004: 0004-Analyzer-Fix-escaping-raw-fstring.patch ### Dependencies ### 
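Review bot: Both patterns in `RequestAnalyzer` interpolate `{cid}` straight into the regular expression, so with the closing `\]` corrected, any regex metacharacter in `cid` would still change what is matched. Where `cid` comes from is not visible in the hunk; if it can reach this point as an unvalidated string, escape it at the point of use, e.g. `rf'REQ_TRACE.*\[CID #{re.escape(str(cid))}\]'` and `rf"\[CID#{re.escape(str(cid))}\]"`, which needs `re` to be imported in the module. The enclosing method starts and ends outside the hunk.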
@@ -1059,6 +1062,12 @@ fi %systemd_postun_with_restart sssd.service %changelog +* Mon Aug 8 2022 Alexey Tikhonov - 2.7.3-2 +- Resolves: rhbz#2106660 - [regression] sssd goes offline with forced ldaps configuration +- Resolves: rhbz#2109451 - virsh command will hang after the host run several auto test cases +- Resolves: rhbz#2098654 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL +- Resolves: rhbz#2106685 - [regression] sssctl analyze fails to parse PAM related sssd logs + * Tue Jul 5 2022 Alexey Tikhonov - 2.7.3-1 - Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#1936551 - [Improvement] Provide user feedback when login fails due to blocked PIN